org.springframework:spring-web is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of validation for HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause Denial of Service. Note that all of the following conditions must be true for the vulnerability to be exploitable in an application: the application must use Spring MVC or Spring WebFlux, io.micrometer:micrometer-core must be on the classpath, and an ObservationRegistry must be configured in the application to record observations.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | spring web | le | 6.0.13 |
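
The classpath conditions and the version bound above can be checked against a build's resolved dependencies. The following is an added example, not code from the advisory or from Spring: it reads `mvn dependency:list` output (both sample listings are constructed) and applies the table's `le 6.0.13` bound as written. Whether an ObservationRegistry is configured is not visible in a dependency list, so a positive result means "review the application", not "exploitable".

```python
import re

# Upper bound taken from the advisory's version table ("le 6.0.13").
MAX_AFFECTED = (6, 0, 13)
# group:artifact:type[:classifier]:version:scope, as printed by dependency:list
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w.\-]+:(?:[\w.\-]+:)?(\d[\w.\-]*):\w+")

def parse_deps(text):
    """Map 'group:artifact' -> version for every coordinate in the listing."""
    return {f"{m.group(1)}:{m.group(2)}": m.group(3) for m in COORD.finditer(text)}

def version_tuple(version):
    """Numeric (major, minor, patch); qualifiers such as -RC1 are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def assess(text):
    """Evaluate the advisory's dependency-level conditions for one build."""
    deps = parse_deps(text)
    web = deps.get("org.springframework:spring-web")
    findings = {
        "spring_web_version": web,
        "version_in_range": web is not None and version_tuple(web) <= MAX_AFFECTED,
        "mvc_or_webflux": any(f"org.springframework:{a}" in deps
                              for a in ("spring-webmvc", "spring-webflux")),
        "micrometer_core": "io.micrometer:micrometer-core" in deps,
    }
    # ObservationRegistry configuration is a runtime property and is NOT checked here.
    findings["needs_review"] = all(
        findings[k] for k in ("version_in_range", "mvc_or_webflux", "micrometer_core"))
    return findings

# Constructed sample listings (not taken from a real project).
SAMPLE_AFFECTED = """\
[INFO]    org.springframework:spring-web:jar:6.0.13:compile
[INFO]    org.springframework:spring-webmvc:jar:6.0.13:compile
[INFO]    io.micrometer:micrometer-core:jar:1.10.13:compile
"""
SAMPLE_PATCHED = """\
[INFO]    org.springframework:spring-web:jar:6.0.14:compile
[INFO]    org.springframework:spring-webflux:jar:6.0.14:compile
[INFO]    io.micrometer:micrometer-core:jar:1.10.13:compile
"""

if __name__ == "__main__":
    for name, listing in (("affected", SAMPLE_AFFECTED), ("patched", SAMPLE_PATCHED)):
        print(name, assess(listing))
```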