CVE-2024-38808

Severity Medium
Score 4.3/10

Summary

In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. An application is vulnerable when it evaluates user-supplied SpEL expressions.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • LOW

Advisory Timeline

  • Published