CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.9%

CVSS Severity

CVSS v3 Score 7.5

References

https://security.netapp.com/advisory/ntap-20240614-0005/
https://spring.io/security/cve-2024-22233/
https://security.netapp.com/advisory/ntap-20240614-0005/
https://spring.io/security/cve-2024-22233/

Products affected by CVE-2024-22233

Vmware » Spring Framework » Version: 6.0.15

cpe:2.3:a:vmware:spring_framework:6.0.15
Vmware » Spring Framework » Version: 6.1.2

cpe:2.3:a:vmware:spring_framework:6.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22233

Products

Pricing

Contact Us