Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38808

Опубликовано: 20 авг. 2024
Источник: debian
EPSS Низкий

Описание

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libspring-javaunfixedpackage

Примечания

  • https://spring.io/security/cve-2024-38808

  • Only supported for building applications shipped in Debian, see README.Debian.security

EPSS

Процентиль: 54%
0.0031
Низкий

Связанные уязвимости

CVSS3: 4.3
ubuntu
12 месяцев назад

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

CVSS3: 5.9
redhat
12 месяцев назад

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

CVSS3: 4.3
nvd
12 месяцев назад

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

CVSS3: 4.3
github
12 месяцев назад

Spring Framework vulnerable to Denial of Service

CVSS3: 4.3
fstec
12 месяцев назад

Уязвимость программной платформы Spring Framework, связанная с ошибками освобождения ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%
0.0031
Низкий