In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.springframework:spring-expression(Maven) | 0 | 5.3.39 | N/A |
CVSS Metrics
