CVE-2023-34055
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC or Spring WebFlux
- org.springframework.boot:spring-boot-actuator is on the classpath
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring Boot | 2.7.0 < 2.7.18 | affected |
| Spring | Spring Boot | 3.0.0 < 3.0.13 | affected |
| Spring | Spring Boot | 3.1.0 < 3.1.6 | affected |
| Spring | Spring Boot | older unsupported versions | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.