Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreIn Spring Framework, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Spring Framework:
| Fix version | Availability |
|---|---|
| 6.0.7 | OSS |
| 5.3.26 | OSS |
| 5.2.23.RELEASE | OSS |
No further mitigation steps are necessary.
This vulnerability was initially discovered and responsibly reported by the Google OSS-Fuzz team from Code Intelligence.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy