Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.49%
65.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vmware | spring_session | 3.0.0 |
| Maven | org.springframework.session:spring-session-core | 3.0.0 |
| n/a | Spring Session | Spring session versions 3.0.x prior to 3.0.1 |
Timeline
- Apr 13, 2023 CVE Published
- Apr 15, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jun 28, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 10, 2023 EPSS Score
- Oct 17, 2023 EPSS Score
- Nov 23, 2023 EPSS Score
- Dec 30, 2023 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 19, 2024 EPSS Score
References
- https://spring.io/security/cve-2023-20866 url
- https://spring.io/security/cve-2023-20862/ advisory
- https://spring.io/security/cve-2023-20873/ advisory
- https://spring.io/security/cve-2023-20883/ advisory
- https://spring.io/security/cve-2023-20866/ advisory
- https://spring.io/security/cve-2023-20860/ advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20866 advisory
- https://github.com/spring-projects/spring-session/issues/2215 url
- https://github.com/spring-projects/spring-session/commit/c98a7be0e2ced7f795018f05397dca4bd5ca8212 url
- https://github.com/spring-projects/spring-session package