CVE-2023-29986 — Vulnetix

CVE-2023-29986 PUBLISHED

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

EPSS 0.37% · 59.1th percentile

Risk Scores

EPSS Score

0.37%

59.1th percentile

Affected Products

Vendor	Product	Versions
n/a	Spring Framework	Spring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versions

Timeline

Apr 7, 2022 PoC Published
May 11, 2023 CVE Published
May 11, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 23, 2023 EPSS Score
Aug 29, 2023 EPSS Score
Oct 5, 2023 EPSS Score
Oct 21, 2023 PoC Published
Nov 10, 2023 EPSS Score
Dec 17, 2023 EPSS Score
Jan 23, 2024 EPSS Score
Feb 28, 2024 EPSS Score

References

https://www.ibm.com/support/pages/node/7144944 advisory
https://www.ibm.com/support/pages/node/7144861 advisory
https://tanzu.vmware.com/security/cve-2022-22950 url

Open in Interactive Console →