Vulnerable Package issue exists @ Maven-org.springframework:spring-expression-3.0.5.RELEASE in branch master
In Spring Framework versions 5.3.0 through 5.3.16, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Namespace: srcdevel1
Repository: dvja
Repository Url: https://github.com/srcdevel1/dvja
CxAST-Project: srcdevel1/dvja
CxAST platform scan: 275e3e87-21b4-460d-8d79-5eeebeb21604
Branch: master
Application: dvja
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-770
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: LOW
Remediation Upgrade Recommendation: 5.3.17