VulnerableCode Package Details - pkg:maven/org.springframework/spring-expression@5.3.39

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1bh8-3gb1-4ben	Spring Framework vulnerable to Denial of Service In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.	CVE-2024-38808 GHSA-9cmq-m9j5-mvww

Vulnerability

Summary

Aliases

VCID-1bh8-3gb1-4ben

Spring Framework vulnerable to Denial of Service In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

CVE-2024-38808
GHSA-9cmq-m9j5-mvww

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:06:25.718964+00:00	GitLab Importer	Fixing	VCID-1bh8-3gb1-4ben	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml	38.4.0
2026-04-12T00:24:26.425796+00:00	GitLab Importer	Fixing	VCID-1bh8-3gb1-4ben	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml	38.3.0
2026-04-03T00:32:02.019093+00:00	GitLab Importer	Fixing	VCID-1bh8-3gb1-4ben	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml	38.1.0
2026-04-02T12:39:56.807485+00:00	GitLab Importer	Fixing	VCID-1bh8-3gb1-4ben	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml	38.0.0
2026-04-01T16:06:16.763409+00:00	GHSA Importer	Fixing	VCID-1bh8-3gb1-4ben	https://github.com/advisories/GHSA-9cmq-m9j5-mvww	38.0.0
2026-04-01T12:50:37.632498+00:00	GithubOSV Importer	Fixing	VCID-1bh8-3gb1-4ben	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-9cmq-m9j5-mvww/GHSA-9cmq-m9j5-mvww.json	38.0.0