CVE-2024-38808 in org.springframework:spring-expression

org.springframework:spring-expression

Medium

4.3/10

Summary

In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: The application evaluates user-supplied SpEL expressions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

References

Advisory
Issue
Release Note

Advisory Timeline

Published Aug 20, 2024

CVE-2024-38808 in org.springframework:spring-expression

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS