GHSA-xf96-w227-r7c4, CVE-2023-20883
maven/org.springframework.boot/spring-boot-autoconfigure
Spring Boot Welcome Page Denial of Service
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
All versions before 2.5.15, all versions starting from 2.6.0 before 2.6.15, all versions starting from 2.7.0 before 2.7.12, all versions starting from 3.0.0 before 3.0.7
Upgrade to versions 2.7.12, 3.0.7, 2.5.15, 2.6.15 or above.
2023-05-29
source |