VulnerableCode Package Details - pkg:maven/org.springframework/spring-expression@6.0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-6ysx-5wcw-f7b5 Aliases: CVE-2023-20863 GHSA-wxqc-pxw9-g2p8	Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') In spring framework versions prior to 5.2.24 release+,5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.	6.0.8 Affected by 0 other vulnerabilities.
VCID-z3th-j593-m7bg Aliases: CVE-2023-20861 GHSA-564r-hj7v-mcr5	Spring Framework vulnerable to denial of service via specially crafted SpEL expression In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.	6.0.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6ysx-5wcw-f7b5
Aliases:
CVE-2023-20863
GHSA-wxqc-pxw9-g2p8

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') In spring framework versions prior to 5.2.24 release+,5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

6.0.8
Affected by 0 other vulnerabilities.

VCID-z3th-j593-m7bg
Aliases:
CVE-2023-20861
GHSA-564r-hj7v-mcr5

Spring Framework vulnerable to denial of service via specially crafted SpEL expression In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

6.0.7
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:26:50.623367+00:00	GitLab Importer	Affected by	VCID-6ysx-5wcw-f7b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml	38.4.0
2026-04-16T22:24:44.582166+00:00	GitLab Importer	Affected by	VCID-z3th-j593-m7bg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml	38.4.0
2026-04-11T23:45:07.019467+00:00	GitLab Importer	Affected by	VCID-6ysx-5wcw-f7b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml	38.3.0
2026-04-11T23:42:54.643964+00:00	GitLab Importer	Affected by	VCID-z3th-j593-m7bg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml	38.3.0
2026-04-02T23:48:49.151841+00:00	GitLab Importer	Affected by	VCID-6ysx-5wcw-f7b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml	38.1.0
2026-04-02T23:46:46.303547+00:00	GitLab Importer	Affected by	VCID-z3th-j593-m7bg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml	38.1.0
2026-04-01T18:12:08.163840+00:00	GitLab Importer	Affected by	VCID-6ysx-5wcw-f7b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml	38.0.0
2026-04-01T18:10:01.219809+00:00	GitLab Importer	Affected by	VCID-z3th-j593-m7bg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml	38.0.0