org.springframework:spring-expression 6.2.15

Direct Vulnerabilities

Known vulnerabilities in the org.springframework:spring-expression package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Exposed Dangerous Method or Function Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via Spring Expression Language (SpEL) method invocation handling. An attacker can invoke arbitrary zero-argument methods by supplying crafted SpEL expressions, even in contexts intended to restrict method execution or provide read-only access. This may allow execution of unintended application logic and access to functionality that should not be exposed through expression evaluation. Note: This is only exploitable if the application accepts and evaluates untrusted or user-controlled SpEL expressions. How to fix Exposed Dangerous Method or Function? Upgrade `org.springframework:spring-expression` to version 6.0.0, 6.2.19, 7.0.8 or higher.	[5.3.0,6.0.0)[6.1.0,6.2.19)[7.0.0-M1,7.0.8)
H Inefficient Algorithmic Complexity Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via evaluation of user-controlled Spring Expression Language (SpEL) expressions. An attacker can cause denial of service by supplying specially crafted SpEL expressions that trigger excessive CPU or memory consumption during expression evaluation, leading to application degradation or unavailability. How to fix Inefficient Algorithmic Complexity? Upgrade `org.springframework:spring-expression` to version 6.0.0, 6.2.19, 7.0.8 or higher.	[5.3.0,6.0.0)[6.1.0,6.2.19)[7.0.0-M1,7.0.8)

Vulnerability

Vulnerable Version

Exposed Dangerous Method or Function

Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via Spring Expression Language (SpEL) method invocation handling. An attacker can invoke arbitrary zero-argument methods by supplying crafted SpEL expressions, even in contexts intended to restrict method execution or provide read-only access. This may allow execution of unintended application logic and access to functionality that should not be exposed through expression evaluation.

Note: This is only exploitable if the application accepts and evaluates untrusted or user-controlled SpEL expressions.

How to fix Exposed Dangerous Method or Function?

Upgrade org.springframework:spring-expression to version 6.0.0, 6.2.19, 7.0.8 or higher.

[5.3.0,6.0.0)[6.1.0,6.2.19)[7.0.0-M1,7.0.8)

Inefficient Algorithmic Complexity

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via evaluation of user-controlled Spring Expression Language (SpEL) expressions. An attacker can cause denial of service by supplying specially crafted SpEL expressions that trigger excessive CPU or memory consumption during expression evaluation, leading to application degradation or unavailability.

How to fix Inefficient Algorithmic Complexity?

Upgrade org.springframework:spring-expression to version 6.0.0, 6.2.19, 7.0.8 or higher.

[5.3.0,6.0.0)[6.1.0,6.2.19)[7.0.0-M1,7.0.8)

org.springframework:spring-expression@6.2.15

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically