VMware Spring Framework 6.0.7

CPE Details

VMware Spring Framework 6.0.7
vmware
spring_framework
6.0.7
2023-04-03
14h26 +00:00
2023-07-07
17h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:spring_framework:6.0.7:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

spring_framework

Version

6.0.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-38820 2024-10-18 05h39 +00:00 The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
5.3
Medium
CVE-2023-34053 2023-11-28 08h10 +00:00 In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
7.5
High
CVE-2023-44794 2023-10-24 22h00 +00:00 An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
9.8
Critical
CVE-2023-20863 2023-04-13 00h00 +00:00 In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
6.5
Medium