Lucene search

[email protected]NVD:CVE-2024-38808

HistoryAug 20, 2024 - 8:15 a.m.

CVE-2024-38808

2024-08-2008:15:05

[email protected]

web.nvd.nist.gov

spring framework

spel expression

dos

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

Percentile

9.5%

JSON

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

The application evaluates user-supplied SpEL expressions.

References

spring.io/security/cve-2024-38808

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-38808

cvelist1 osv4 debiancve1 github1 wolfi1 veracode1 vulnrichment1 nessus1 cve1 redhatcve1 atlassian1 openvas4 redhat1 spring1