Search for packages
| purl | pkg:rpm/redhat/ovirt-dependencies@4.5.3-1?arch=el8ev |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-afh4-nhxq-y3he
Aliases: CVE-2023-20860 GHSA-7phw-cxx7-q9vq |
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | There are no reported fixed by versions. |
|
VCID-z3th-j593-m7bg
Aliases: CVE-2023-20861 GHSA-564r-hj7v-mcr5 |
Spring Framework vulnerable to denial of service via specially crafted SpEL expression In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:54:42.675072+00:00 | RedHat Importer | Affected by | VCID-z3th-j593-m7bg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20861.json | 38.0.0 |
| 2026-04-01T13:54:42.540231+00:00 | RedHat Importer | Affected by | VCID-afh4-nhxq-y3he | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-20860.json | 38.0.0 |