CVE-2023-20861 @ Maven-org.springframework:spring-expression-3.2.8.RELEASE
cristovaoolegario commented
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2023-20861
Checkmarx Project: cristovaoolegario/astlab
Repository URL: https://github.com/cristovaoolegario/astlab
Branch: main
Scan ID: 39e7da3c-31d5-48d8-8e52-19c01426aaab
In Spring Framework versions prior to 5.2.23.RELEASE, 5.3.x prior to 5.3.26 and 6.0.x prior to 6.0.7, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 5.2.24.RELEASE