GHSA-wxqc-pxw9-g2p8, CVE-2023-20863
maven/org.springframework/spring-expression
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, a user can provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
All versions before 5.2.24.RELEASE, all versions starting from 5.3.0 before 5.3.27, all versions starting from 6.0.0 before 6.0.8
Upgrade to versions 5.3.27, 6.0.8, 5.2.24.RELEASE or above.
2024-02-05