DEBIAN-CVE-2024-38808

DEBIAN-CVE-2024-38808 PUBLISHED CVSS 4.300000190734863 MEDIUM

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:14	libspring-java	0, 4.3.30-3, 4.3.30-4
Debian:13	libspring-java	4.3.30-4, 4.3.30-3, 0
Debian:12	libspring-java	4.3.30-3, 4.3.30-4, 4.3.30-3
Debian:11	libspring-java	4.3.30-1, 4.3.30-2, 4.3.30-3

Timeline

Aug 20, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-38808 advisory

Open in Interactive Console →