Spring Framework is vulnerable to Denial of Service (DoS) via the Spring Expression Language (SpEL). The affected code puts no upper bound on the amount of work an expression can request: the getValueInternal function of OpMultiply builds repeated text (a String operand multiplied by an integer) with no limit on the resulting length, and the getValueInternal function of OperatorMatches hands expression-supplied text and pattern to the regular-expression matcher with no limit on input size or matching effort. A specially crafted expression can therefore keep the evaluator busy for an effectively unbounded time and consume excessive CPU and memory, possibly leading to a system crash. The issue is tracked as CVE-2023-20861; affected versions are 6.0.0 to 6.0.6, 5.3.0 to 5.3.25, 5.2.0.RELEASE to 5.2.22.RELEASE and older unsupported releases, and the fix shipped in 6.0.7, 5.3.26 and 5.2.23.RELEASE. The exposure is practical only where an application evaluates SpEL expressions that an untrusted party can influence, so upgrading and not feeding user-controlled input to the SpEL parser are the controls that matter.
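The following is an added example and is not code from the advisory or from the Spring project. It shows the two operators that reach the affected code paths (string repetition through OpMultiply and `matches` through OperatorMatches) evaluated with benign operands, wrapped in a defensive harness a practitioner might use while an upgrade is pending: a reflection-free SimpleEvaluationContext and a hard wall-clock bound on each evaluation. The class name, method name and timeout value are assumptions chosen for illustration; the Spring API calls are the real ones.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

// Hypothetical helper (not part of Spring): evaluate a SpEL expression with
// a restricted context and a timeout on the calling thread.
public class SpelBoundedEval {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Evaluates expr in a daemon thread and gives up after timeoutMillis.
    // SimpleEvaluationContext exposes no reflection, type references or
    // bean resolution, which removes the other classic SpEL injection risks
    // but does NOT by itself bound the work done by '*' or 'matches'.
    static Object evaluateBounded(String expr, long timeoutMillis) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "spel-eval");
            t.setDaemon(true); // never keeps the JVM alive on its own
            return t;
        });
        try {
            Future<Object> result = pool.submit(() -> {
                Expression e = PARSER.parseExpression(expr);
                return e.getValue(SimpleEvaluationContext.forReadOnlyDataBinding().build());
            });
            return result.get(timeoutMillis, TimeUnit.MILLISECONDS);
        } catch (TimeoutException te) {
            throw new IllegalStateException(
                "SpEL evaluation exceeded " + timeoutMillis + " ms: " + expr, te);
        } finally {
            // Interrupts the worker; see the caveat below on what that does not stop.
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Both expressions use small, constructed operands; they reach the same
        // OpMultiply and OperatorMatches code that the advisory describes.
        System.out.println(evaluateBounded("'ab' * 3", 500));                  // ababab
        System.out.println(evaluateBounded("'hello' matches '[a-z]+'", 500));  // true
    }
}
```

Caveat: the timeout protects the caller, not the host. Neither string repetition in OpMultiply nor java.util.regex backtracking checks the thread's interrupt flag, so a runaway evaluation keeps burning CPU (and, for repetition, memory) in the daemon thread after `shutdownNow()` returns. Treat this harness as a way to keep request threads responsive, not as a substitute for upgrading to a fixed release and for refusing untrusted SpEL input altogether.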
github.com/sbrannen/spring-framework/commit/4542b531035eaaf7765f4557ab433e6695bfa1a9
github.com/spring-projects/spring-framework/commit/26e0343c1638d59a28a7991bfcaed32dbc4996e4
github.com/spring-projects/spring-framework/commit/4d5e7207f20a140258495ad72923c2259e3c800f
github.com/spring-projects/spring-framework/commit/5529294ec975f8a309161797670d68c3f0eeab7f
github.com/spring-projects/spring-framework/commit/8010de8b63057af06984df5c7550ba99d006e909
github.com/spring-projects/spring-framework/commit/b9b31afcc905cd9d5e63739ff5920d849f7f20f0
security.netapp.com/advisory/ntap-20230420-0007/
spring.io/security/cve-2023-20861