Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreIn Spring Framework versions 5.3.0 - 5.3.16, 5.2.0 - 5.2.19, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Spring Framework:
| Fix version | Availability |
|---|---|
| 5.3.17 | OSS |
| 5.2.20 | OSS |
No further mitigation steps are necessary.
This vulnerability was initially discovered and responsibly reported by 4ra1n.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy