Skip to content

CVE-2023-20861 @ Maven-org.springframework:spring-expression-5.3.4 #815

New issue
New issue
Open
Open
CVE-2023-20861 @ Maven-org.springframework:spring-expression-5.3.4#815
Labels
CheckmarxCxSCAbranch:main
@AASMACMX

Description

@AASMACMX
AASMACMX
opened on Jul 10, 2023

Vulnerable Package issue exists @ Maven-org.springframework:spring-expression-5.3.4 in branch main

In Spring Framework versions prior to 5.2.23.RELEASE, 5.3.x prior to 5.3.26 and 6.0.x prior to 6.0.7 it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 15076145-61a1-4d21-a896-a138ffd875d6
Branch: main
Application: Java-Webgoat
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-770

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 5.3.26

References
Advisory
Release Note
Issue
Commit
Issue
Commit
Issue
Commit
Advisory

Metadata

Metadata

Assignees

No one assigned

    Labels

    CheckmarxCxSCAbranch:main

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions