CVE-2023-34053
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC or Spring WebFlux
- io.micrometer:micrometer-core is on the classpath
- an ObservationRegistry is configured in the application to record observations
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring Framework | 6.0.0 < 6.0.14 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.