In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

References

security.netapp.com/advisory/ntap-20230420-0007/

spring.io/security/cve-2023-20861

ibm 28

cve 1

ubuntucve 1

cvelist 1

prion 1

f5 1

github 1

broadcom 1

osv 1

veracode 1

nessus 8

debiancve 1

spring 1

redhatcve 2

openvas 4

redhat 9

oracle 3

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework (CVE-2023-20861)

2023-06-28 20:44:09

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20861

2023-05-05 14:43:31

Security Bulletin: Denial of Service vulnerability in Spring may affect IBM Business Automation Workflow - CVE-2023-20861

2023-04-28 17:07:05

cve

CVE-2023-20861

2023-03-23 21:15:19

ubuntucve

CVE-2023-20861

2023-03-23 00:00:00

cvelist

CVE-2023-20861

2023-03-23 00:00:00

prion

Race condition

2023-03-23 21:15:00

K000134681 : Spring Framework vulnerability CVE-2023-20861

2023-05-19 00:00:00

github

Spring Framework vulnerable to denial of service via specially crafted SpEL expression

2023-03-23 21:30:19

broadcom

Spring Expression DoS Vulnerability (CVE-2023-20861)

2024-04-16 00:00:00

osv

Spring Framework vulnerable to denial of service via specially crafted SpEL expression

2023-03-23 21:30:19

veracode

Denial Of Service (DoS)

2023-03-27 22:04:35

nessus

Spring Framework < 5.2.23 / 5.3.x < 5.3.26 / 6.0.x < 6.0.7 DoS (CVE-2023-20861)

2023-05-04 00:00:00

RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)

2023-06-22 00:00:00

Oracle Identity Manager (Jul 2023 CPU)

2023-07-21 00:00:00

debiancve

CVE-2023-20861

2023-03-23 21:15:19

spring

This Week in Spring - March 21st, 2023

2023-03-21 00:00:00

redhatcve

CVE-2023-20861

2023-03-24 13:07:29

CVE-2023-20860

2023-03-24 13:07:33

openvas

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Windows

2023-03-21 00:00:00

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Linux

2023-03-21 00:00:00

VMware Spring Framework < 5.2.23, 5.3.x < 5.3.26, 6.0.x < 6.0.7 DoS Vulnerability - Linux

2023-03-21 00:00:00

redhat

(RHSA-2023:3771) Important: Red Hat Virtualization security and bug fix update

2023-06-21 19:50:23

(RHSA-2023:4612) Important: Red Hat support for Spring Boot 2.7.13 security update

2023-08-16 10:54:20

(RHSA-2023:3185) Important: Red Hat AMQ Broker 7.10.3 release and security update

2023-05-17 13:55:59

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for OSV:CVE-2023-20861