Org.springframework:spring-expression
This hub aggregates every CVE we track for Org.springframework:spring-expression, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM4
Monthly trend
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Org.springframework:spring-expression.
- CVE-2024-38808CVE-2024-38808: Spring Expression DoS Vulnerability4.3
- CVE-2023-20863In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.6.5
- CVE-2023-20861In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression ...6.5
- CVE-2022-22950n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.6.5
Product normalization is registry-driven with AI assist and human review. How it works