Moderate severity · NVD Advisory · Published Nov 28, 2023 · Updated Feb 13, 2025

Spring Boot server Web Observations DoS Vulnerability

CVE-2023-34055

Description

In Spring Boot versions 2.7.0-2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • org.springframework.boot:spring-boot-actuator is on the classpath

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                        Ecosystem  Affected versions   Patched versions
org.springframework.boot:spring-boot-actuator  Maven      < 2.7.18            2.7.18
org.springframework.boot:spring-boot-actuator  Maven      >= 3.0.0, < 3.0.13  3.0.13
org.springframework.boot:spring-boot-actuator  Maven      >= 3.1.0, < 3.1.6   3.1.6
