In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
Older versions are not affected.
The affected Spring Framework versions, 6.0.15 and 6.1.2, are used by Spring Boot 3.1.7 and 3.2.1 respectively.
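To check a build for the versions named above, the following added example (not part of the advisory or of Spring's tooling) scans the output of `mvn dependency:list` for Spring Framework 6.0.15/6.1.2, Spring Boot 3.1.7/3.2.1 and the security starter. It assumes Maven's `group:artifact:type[:classifier]:version:scope` line format; the sample input is constructed.

```python
"""Flag the advisory's affected versions in `mvn dependency:list` output."""

# Versions taken from the advisory text.
AFFECTED_FRAMEWORK = {"6.0.15", "6.1.2"}
AFFECTED_BOOT = {"3.1.7", "3.2.1"}
SECURITY_STARTER = ("org.springframework.boot", "spring-boot-starter-security")


def parse_line(line):
    """Return (group, artifact, version) for a dependency line, else None."""
    text = line.replace("[INFO]", "", 1).strip()
    if not text:
        return None
    parts = text.split()[0].split(":")
    if len(parts) == 5:      # group:artifact:type:version:scope
        return parts[0], parts[1], parts[3]
    if len(parts) == 6:      # group:artifact:type:classifier:version:scope
        return parts[0], parts[1], parts[4]
    return None


def audit(lines):
    """Collect affected artifacts and note whether the security starter is present."""
    found = {"framework": [], "boot": [], "security_starter": False}
    for line in lines:
        dep = parse_line(line)
        if dep is None:
            continue
        group, artifact, version = dep
        # Assumption: artifacts in group org.springframework are Spring Framework modules.
        if group == "org.springframework" and version in AFFECTED_FRAMEWORK:
            found["framework"].append(f"{artifact}:{version}")
        if group == "org.springframework.boot" and version in AFFECTED_BOOT:
            found["boot"].append(f"{artifact}:{version}")
        if (group, artifact) == SECURITY_STARTER:
            found["security_starter"] = True
    return found


# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.boot:spring-boot-starter-security:jar:3.2.1:compile
[INFO]    org.springframework:spring-web:jar:6.1.2:compile -- module spring.web [auto]
[INFO]    org.springframework:spring-core:jar:6.1.2:compile
[INFO]    org.springframework.security:spring-security-web:jar:6.2.1:compile
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A match shows only that an affected version is on the classpath; whether the application is vulnerable still depends on the conditions the advisory lists.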
Users of affected versions should apply the following mitigation.
No other steps are necessary.
The issue was identified and responsibly reported by