Spring Framework — универсальный фреймворк с открытым исходным кодом для Java-платформы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 241
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
GHSA-54f6-9mx9-86f7
SaToken privilege escalation vulnerability
CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
GHSA-wxqc-pxw9-g2p8
Spring Framework vulnerable to denial of service
CVE-2023-20863
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20863
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...
CVE-2023-20863
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-34053 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2023-34053 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2023-34053 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2023-34053 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-54f6-9mx9-86f7 SaToken privilege escalation vulnerability | CVSS3: 9.8 | 2% Низкий | почти 2 года назад |
| CVE-2023-44794 An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | CVSS3: 9.8 | 2% Низкий | почти 2 года назад |
| GHSA-wxqc-pxw9-g2p8 Spring Framework vulnerable to denial of service | CVSS3: 7.5 | 1% Низкий | больше 2 лет назад |
| CVE-2023-20863 In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2023-20863 In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ... | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2023-20863 In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу