org.springframework:spring-expression@4.3.27.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-expression package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when a user provides a very long SpEL expression.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.springframework:spring-expression to version 5.2.24.RELEASE, 5.3.27, 6.0.8 or higher.

[,5.2.24.RELEASE) [5.3.0,5.3.27) [6.0.0,6.0.8)
  • M
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via a crafted SpEL expression.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.springframework:spring-expression to version 5.2.23.RELEASE, 5.3.26, 6.0.7 or higher.

[,5.2.23.RELEASE) [5.3.0,5.3.26) [6.0.0,6.0.7)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) by providing a specially crafted SpEL expression, that might result in an OutOfMemoryError.

How to fix Denial of Service (DoS)?

Upgrade org.springframework:spring-expression to version 5.2.20.RELEASE, 5.3.17 or higher.

[,5.2.20.RELEASE) [5.3.0,5.3.17)