Spring Framework — универсальный фреймворк с открытым исходным кодом для Java-платформы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 236
GHSA-564r-hj7v-mcr5
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVE-2023-20861
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
GHSA-rfmp-97jj-h8m6
Improper Output Neutralization for Logs in Spring Framework
GHSA-gfwj-fwqj-fp3v
Improper Privilege Management in Spring Framework
GHSA-4wrc-f8pq-fpqp
Pivotal Spring Framework contains unsafe Java deserialization methods
GHSA-vpr3-f594-mg5g
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-564r-hj7v-mcr5 Spring Framework vulnerable to denial of service via specially crafted SpEL expression | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ... | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-20860 Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | CVSS3: 7.5 | 56% Средний | около 2 лет назад |
| CVE-2023-20861 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | CVSS3: 5.3 | 0% Низкий | около 2 лет назад |
| GHSA-rfmp-97jj-h8m6 Improper Output Neutralization for Logs in Spring Framework | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-gfwj-fwqj-fp3v Improper Privilege Management in Spring Framework | CVSS3: 7.8 | 0% Низкий | около 3 лет назад |
| GHSA-4wrc-f8pq-fpqp Pivotal Spring Framework contains unsafe Java deserialization methods | CVSS3: 9.8 | 59% Средний | около 3 лет назад |
| GHSA-vpr3-f594-mg5g Improper Control of Generation of Code ('Code Injection') in Spring Framework | 2% Низкий | около 3 лет назад |
Уязвимостей на страницу