Spring-boot-actuator Vulnerability

Issue date: 06-11-2024
Affects versions: 15.7, 14.7

Security Issue ID

SECURITY-513

Affected Product Version(s)

15.6.0, 14.7.21 (and previous patch releases)

Severity

Medium

Description

CVE-2023-34055

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath.

CVSS v3 Base Score: 6.5

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 14.7.22, 15.7.0 or 16.1.0.

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Deploy in BloomReach Cloud

Use Blue-Green Deployment in BloomReach Cloud

Understand

Implement

Extend

Integrate

Run

Upgrade

Develop

Use

Bloomreach Documentation version

Spring-boot-actuator Vulnerability