CVE-2023-34053

2023-11-2809:15:06

Debian Security Bug Tracker

security-tracker.debian.org

spring framework

denial-of-service

http requests

spring mvc

spring webflux

micrometer-core

observationregistry

spring boot

spring-boot-actuator

unix

0.0005 Low

EPSS

Percentile

15.1%

JSON

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

OSVersionArchitecturePackageVersionFilename
Debian12alllibspring-java< 4.3.30-2libspring-java_4.3.30-2_all.deb
Debian11alllibspring-java< 4.3.30-1libspring-java_4.3.30-1_all.deb
Debian10alllibspring-java< 4.3.22-4libspring-java_4.3.22-4_all.deb
Debian999alllibspring-java< 4.3.30-2libspring-java_4.3.30-2_all.deb
Debian13alllibspring-java< 4.3.30-2libspring-java_4.3.30-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libspring-java	< 4.3.30-2	libspring-java_4.3.30-2_all.deb
Debian	11	all	libspring-java	< 4.3.30-1	libspring-java_4.3.30-1_all.deb
Debian	10	all	libspring-java	< 4.3.22-4	libspring-java_4.3.22-4_all.deb
Debian	999	all	libspring-java	< 4.3.30-2	libspring-java_4.3.30-2_all.deb
Debian	13	all	libspring-java	< 4.3.30-2	libspring-java_4.3.30-2_all.deb

0.0005 Low

EPSS

Percentile

15.1%

JSON

Related for DEBIANCVE:CVE-2023-34053