VYPR
Moderate severityNVD Advisory· Published Aug 20, 2024· Updated Oct 30, 2024

CVE-2024-38808: Spring Expression DoS Vulnerability

CVE-2024-38808

Description

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  • The application evaluates user-supplied SpEL expressions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework:spring-expressionMaven
< 5.3.395.3.39

Affected products

16

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.