Denial Of Service (DoS)

org.springframework, spring-expression is vulnerable to a Denial of Service DoS. The vulnerability is due to the evaluation of user-supplied Spring Expression Language SpEL expressions, which attackers can exploit by providing specially crafted expressions that can overload the system...

CVE-2024-38808

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

GHSA-9CMQ-M9J5-MVWW Spring Framework vulnerable to Denial of Service

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Older, unsupported versions are also affected. Specifically, an...

Spring Framework vulnerable to Denial of Service

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Older, unsupported versions are also affected. Specifically, an...

CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

DEBIAN-CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

UBUNTU-CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

CVE-2024-38808

The CVE-2024-38808 DoS in Spring Framework is triggered when an application evaluates user-supplied SpEL expressions in versions 5.3.0–5.3.38 and older unsupported releases. The vulnerability is due to how SpEL expressions may be crafted to exhaust resources, leading to denial of service. Several...

CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +1307 more potentially affected by CVE-2024-38810 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.10)

org.springframework.security:spring-security-core MAVEN version =6.3.0, =0.1, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.2.2 and more Source cves: CVE-2024-38810 Source advisory: OSV:GHSA-HMQF-WPQ9-JQ83...

GHSA-HMQF-WPQ9-JQ83 Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

CVE-2024-38810

CVE-2024-38810 affects VMware Tanzu Spring Security; vulnerability arises from missing authorization when using @AuthorizeReturnObject, enabling an attacker to obtain sensitive information. Connected sources confirm affected components include Spring Security 6.3.0 and 6.3.1, with multiple vendor...

CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...