Description
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | spring-expression | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | spring-expression | Will not fix | ||
| Red Hat AMQ Broker 7 | spring-expression | Not affected | ||
| Red Hat build of Quarkus | spring-expression | Not affected | ||
| Red Hat Data Grid 8 | spring-expression | Will not fix | ||
| Red Hat Integration Camel K 1 | spring-expression | Will not fix | ||
| Red Hat Integration Camel Quarkus 1 | spring-expression | Will not fix | ||
| Red Hat Integration Data Virtualisation Operator | spring-expression | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | spring-expression | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | spring-expression | Out of support scope | ||
Additional information
Status:
EPSS
7.5 High
CVSS3
Related vulnerabilities
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...
Allocation of Resources Without Limits or Throttling in Spring Framework