PT-2024-1323 · Spring · Spring Framework (+2)
0Xlegacyy (+7)
Published 2024-01-08 · Updated 2024-06-14
CVE-2024-22233
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Spring Framework 6.0.15 and 6.1.2
Description: Uncontrolled resource consumption in the Spring Framework. An unauthenticated remote attacker can send specially crafted HTTP requests that drive resource usage up until the application stops responding, a denial-of-service (DoS) condition. Only applications that use Spring MVC and have Spring Security 6.1.6+ or 6.2.1+ on the classpath are affected, and only when they run Spring Framework 6.0.15 or 6.1.2; WebFlux-only applications and other Framework releases are not listed as affected. Over 35,000 services and approximately 1,064,276 search results, mostly in China and the United States, are potentially exposed.
Recommendations: Upgrade to the Spring Framework release that fixes the issue: 6.0.15 to 6.0.16, 6.1.2 to 6.1.3. Applications whose Spring version is managed by Spring Boot get the fixed release by moving to a Boot release that depends on it, or, until that upgrade is possible, by overriding the spring-framework.version property in the build. Where an immediate upgrade is not possible, restrict network access to the affected Spring MVC application. Because both Spring MVC (pulled in by org.springframework.boot:spring-boot-starter-web) and Spring Security 6.1.6+/6.2.1+ (pulled in by org.springframework.boot:spring-boot-starter-security) are preconditions, an application with only one of them on the classpath is not affected, but removing either is not a practical workaround for a secured web application.
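The check a practitioner wants from this entry is "does my build meet all three preconditions?". The script below is an added example, not code from this advisory page or from the Spring project: it screens a resolved dependency list for Spring Framework 6.0.15/6.1.2, the presence of spring-webmvc, and a Spring Security 6.1.6+ (6.1.x) or 6.2.1+ artifact, and reports the fixed release. The input shape (`mvn dependency:list` lines) and the sample dependency set are assumptions; the vulnerable-to-fixed pairs 6.0.15 to 6.0.16 and 6.1.2 to 6.1.3 are the ones the Spring team published for this CVE.

```python
# Added example (not from the PT-2024-1323 entry or the Spring project): screen a resolved
# dependency list against the CVE-2024-22233 preconditions and name the fixed release.
# Assumed input: `mvn dependency:list` lines, "groupId:artifactId:type:version:scope";
# plain "groupId:artifactId:version" is accepted too.
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Iterable

AFFECTED_FRAMEWORK = {"6.0.15": "6.0.16", "6.1.2": "6.1.3"}  # vulnerable -> fixed release
FRAMEWORK_GROUP = "org.springframework"
SECURITY_GROUP = "org.springframework.security"
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")

def parse_version(v: str) -> tuple[int, ...]:
    """'6.1.2' -> (6, 1, 2); a trailing qualifier such as '-SNAPSHOT' is ignored."""
    m = _VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x or 0) for x in m.groups())

def security_triggers(version: str) -> bool:
    """Spring Security lines the advisory names: 6.1.6+ within 6.1.x, or 6.2.1 and later."""
    t = parse_version(version)
    return (6, 1, 6) <= t < (6, 2, 0) or t >= (6, 2, 1)

def parse_coordinate(line: str) -> tuple[str, str, str] | None:
    """(groupId, artifactId, version) for a dependency line, None for anything else."""
    line = line.strip()
    if line.startswith("[INFO]"):  # Maven log prefix
        line = line[6:].strip()
    parts = line.split(":")
    if len(parts) < 3:
        return None
    # The version is the first field after artifactId that starts with a digit; this skips
    # the 'jar'/'pom' type field that `mvn dependency:list` inserts in front of it.
    for candidate in parts[2:]:
        if candidate[:1].isdigit():
            return parts[0], parts[1], candidate
    return None

@dataclass
class Finding:
    vulnerable: bool
    framework_version: str | None = None
    fixed_version: str | None = None
    reasons: list[str] = field(default_factory=list)

def assess(dependencies: Iterable[str]) -> Finding:
    """Apply the advisory's three preconditions to a resolved dependency set."""
    framework_versions: set[str] = set()
    security_versions: set[str] = set()
    has_mvc = False
    for line in dependencies:
        coord = parse_coordinate(line)
        if coord is None:
            continue
        group, artifact, version = coord
        if group == FRAMEWORK_GROUP and artifact.startswith("spring-"):
            framework_versions.add(version)
            has_mvc = has_mvc or artifact == "spring-webmvc"
        elif group == SECURITY_GROUP:
            security_versions.add(version)
    finding = Finding(vulnerable=False)
    affected = sorted(v for v in framework_versions if v in AFFECTED_FRAMEWORK)
    if not affected:
        finding.reasons.append("Spring Framework is not 6.0.15 or 6.1.2")
        return finding
    finding.framework_version, finding.fixed_version = affected[0], AFFECTED_FRAMEWORK[affected[0]]
    if not has_mvc:
        finding.reasons.append("spring-webmvc not on the classpath (the advisory requires Spring MVC)")
        return finding
    triggering = sorted(v for v in security_versions if security_triggers(v))
    if not triggering:
        finding.reasons.append("no Spring Security 6.1.6+/6.2.1+ artifact on the classpath")
        return finding
    finding.vulnerable = True
    finding.reasons.append(f"Spring Framework {affected[0]} + spring-webmvc + Spring Security "
                           f"{triggering[0]}: upgrade Spring Framework to {finding.fixed_version}")
    return finding

# Constructed sample in `mvn dependency:list` form; not output from any real project.
SAMPLE_VULNERABLE = [
    "[INFO]    org.springframework.boot:spring-boot-starter-web:jar:3.2.1:compile",
    "[INFO]    org.springframework:spring-core:jar:6.1.2:compile",
    "[INFO]    org.springframework:spring-web:jar:6.1.2:compile",
    "[INFO]    org.springframework:spring-webmvc:jar:6.1.2:compile",
    "[INFO]    org.springframework.security:spring-security-web:jar:6.2.1:compile",
    "[INFO]    org.springframework.security:spring-security-config:jar:6.2.1:compile",
]

if __name__ == "__main__":
    print(assess(SAMPLE_VULNERABLE))
```

Run it as `mvn dependency:list | python check.py` after swapping the sample for `sys.stdin`; for Gradle, feed it the `group:name:version` lines from `gradle dependencies`. Each negative result carries the precondition that failed, which is what you need when deciding whether a non-upgradable service is actually exposed.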

DoS

Resource Exhaustion

Improper Resource Release


Weakness Enumeration

Related Identifiers

BDU:2024-00777
CVE-2024-22233
GHSA-R4Q3-7G4Q-X89M

Affected Products

Spring Framework
Spring MVC
Spring Security