Vulnerability Details CVE-2023-34053
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2023-34053
-
cpe:2.3:a:vmware:spring_framework:6.0.0
-
cpe:2.3:a:vmware:spring_framework:6.0.1
-
cpe:2.3:a:vmware:spring_framework:6.0.10
-
cpe:2.3:a:vmware:spring_framework:6.0.11
-
cpe:2.3:a:vmware:spring_framework:6.0.12
-
cpe:2.3:a:vmware:spring_framework:6.0.13
-
cpe:2.3:a:vmware:spring_framework:6.0.2
-
cpe:2.3:a:vmware:spring_framework:6.0.3
-
cpe:2.3:a:vmware:spring_framework:6.0.4
-
cpe:2.3:a:vmware:spring_framework:6.0.6
-
cpe:2.3:a:vmware:spring_framework:6.0.7
-
cpe:2.3:a:vmware:spring_framework:6.0.8
-
cpe:2.3:a:vmware:spring_framework:6.0.9