Spring Expression is vulnerable to denial of service. The vulnerability exists due to the creation of large array in a SpEL and sending meaningless error messages to the user which allows an attacker to send crafted SpEL expressions that leads to an out ouf bound error causing an application crash.
github.com/advisories/GHSA-558x-2xjg-6232
github.com/spring-projects/spring-framework/commit/83ac65915871067c39a4fb255e0d484c785c0c11
github.com/spring-projects/spring-framework/commit/90cfde985ef08e8372ffefda2156f8091f65efe6
github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
github.com/spring-projects/spring-framework/releases/tag/v5.3.17
tanzu.vmware.com/security/cve-2022-22950