CVE-2024-38808
Summary
In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: The application evaluates user-supplied SpEL expressions.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- LOW
References
Advisory Timeline
- Published