Description
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath
Remediation
References
https://spring.io/security/cve-2023-34055
https://security.netapp.com/advisory/ntap-20231221-0010/
Related Vulnerabilities
CVE-2020-13947 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2023-29513 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2020-26870 Vulnerability in npm package dompurify
CVE-2020-6537 Vulnerability in maven package org.webjars.npm:electron
CVE-2017-17837 Vulnerability in maven package org.apache.deltaspike.modules:jsf-module-project