org.springframework:spring-core@6.0.15 vulnerabilities
-
latest version
6.1.9
-
latest non vulnerable version
-
first published
19 years ago
-
latest version published
2 months ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.springframework:spring-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted HTTP requests. An attacker can cause a denial-of-service condition by sending malicious requests that exploit this issue. Notes: This is only exploitable if the application uses Spring MVC and Spring Security 6.1.6+ or 6.2.1+ is on the classpath. Typically, Spring Boot applications need the How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
[6.0.15,6.0.16)
[6.1.2,6.1.3)
|