VYPR
Critical severity · NVD Advisory · Published Apr 20, 2023 · Updated May 5, 2025

CVE-2023-20873

Description

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
| --- | --- | --- | --- |
| org.springframework.boot:spring-boot-actuator-autoconfigure | Maven | >= 3.0.0, < 3.0.6 | 3.0.6 |
| org.springframework.boot:spring-boot-actuator-autoconfigure | Maven | >= 2.7.0, < 2.7.11 | 2.7.11 |
| org.springframework.boot:spring-boot-actuator-autoconfigure | Maven | >= 2.6.0, < 2.6.15 | 2.6.15 |
| org.springframework.boot:spring-boot-actuator-autoconfigure | Maven | < 2.5.15 | 2.5.15 |
