CVE-2024-38808 Information

Description

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically an application is vulnerable when the following is true:

The application evaluates user-supplied SpEL expressions.

Reference

https://spring.io/security/cve-2024-38808