10 matches found
CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL
Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...
PT-2026-47662
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that accept user-supplied Sprin...
EUVD-2024-2544
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-38808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
UBUNTU-CVE-2024-38808
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...