Description
Update org.springframework_spring-core from 5.3.24 to 5.3.26 or 6.0.7. This will remediate https://nvd.nist.gov/vuln/detail/CVE-2023-20861
A Twistlock scan reported this as a high-severity vulnerability in NiFi Registry version 1.20.0.
Impacted versions: >=5.3.0 and <5.3.26
Discovered: less than an hour ago
Published: 7 hours ago
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Issue Links
- duplicates: NIFI-11320 Upgrade Spring Framework to 5.3.26 and Spring Security to 5.8.2 (Resolved)