Description
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
Release | Status | Note |
---|---|---|
artful | ignored | end of life |
bionic | not-affected | 4.3.19-1 |
cosmic | not-affected | 4.3.19-1 |
devel | not-affected | 4.3.19-1 |
disco | not-affected | 4.3.19-1 |
eoan | not-affected | 4.3.19-1 |
esm-apps/bionic | not-affected | 4.3.19-1 |
esm-apps/focal | not-affected | 4.3.19-1 |
esm-apps/jammy | not-affected | 4.3.19-1 |
esm-apps/noble | not-affected | 4.3.19-1 |
EPSS
CVSS2: 4.0 (Medium)
CVSS3: 6.5 (Medium)
Related vulnerabilities
Denial of Service in org.springframework:spring-core
A vulnerability in the Spring Framework software platform, caused by insufficient input validation, that allows an attacker to cause a denial of service