High severityNVD Advisory· Published Jan 22, 2024· Updated Jun 20, 2025
CVE-2024-22233: Spring Framework server Web DoS Vulnerability
CVE-2024-22233
Description
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC
- Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework:spring-coreMaven | >= 6.1.2, < 6.1.3 | 6.1.3 |
org.springframework:spring-coreMaven | >= 6.0.15, < 6.0.16 | 6.0.16 |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/jenkinspkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-remotingpkg:apk/wolfi/jenkinspkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-remotingpkg:maven/org.springframework/spring-core
< 2.442-r0+ 6 more
- (no CPE)range: < 2.442-r0
- (no CPE)range: < 2.442-r0
- (no CPE)range: < 2.442-r0
- (no CPE)range: < 2.442-r0
- (no CPE)range: < 2.442-r0
- (no CPE)range: < 2.442-r0
- (no CPE)range: >= 6.1.2, < 6.1.3
- Range: 6.1.2
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.