Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-expression@6.0.7

Type maven

Namespace org.springframework

Name spring-expression

Version 6.0.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0.8

Latest_non_vulnerable_version 6.0.8

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-amxf-c3z4-gbhk

vulnerability_id VCID-amxf-c3z4-gbhk

summary

Spring Framework vulnerable to denial of service via specially crafted SpEL expression
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

references

reference_url	https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/430fc25acad2e85cbdddcd52b64481691f03ebd1

reference_url	https://security.netapp.com/advisory/ntap-20230420-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230420-0007/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-20861
reference_id	CVE-2023-20861
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-20861

reference_url	https://spring.io/security/cve-2023-20861
reference_id	CVE-2023-20861
reference_type
scores
url	https://spring.io/security/cve-2023-20861

reference_url	https://github.com/advisories/GHSA-564r-hj7v-mcr5
reference_id	GHSA-564r-hj7v-mcr5
reference_type
scores
url	https://github.com/advisories/GHSA-564r-hj7v-mcr5

fixed_packages

url	pkg:maven/org.springframework/spring-expression@5.2.23.RELEASE
purl	pkg:maven/org.springframework/spring-expression@5.2.23.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-expression@5.2.23.RELEASE

url	pkg:maven/org.springframework/spring-expression@5.3.26
purl	pkg:maven/org.springframework/spring-expression@5.3.26
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-expression@5.3.26

url	pkg:maven/org.springframework/spring-expression@6.0.7
purl	pkg:maven/org.springframework/spring-expression@6.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-expression@6.0.7

aliases CVE-2023-20861, GHSA-564r-hj7v-mcr5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-amxf-c3z4-gbhk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-expression@6.0.7

Package Instance