  1. Geode
  2. GEODE-10450

Update spring version for CVE-2023-20861

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.15.1
    • None
    • None

    Description

      As per https://nvd.nist.gov/vuln/detail/CVE-2023-20861,

      "In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition."

       

      Geode bundles version 5.3.20 which is vulnerable as per the CVE.

          People

            Assignee: Unassigned
            Reporter: Ankush Mittal (mittalankush)