CVE-2024-22233
- Source
- https://cve.org/CVERecord?id=CVE-2024-22233
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22233.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-22233
- Aliases
- Related
- Published
- 2024-01-22T12:16:15.223Z
- Modified
- 2026-05-18T05:56:01.585302246Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- CVE-2024-22233: Spring Framework server Web DoS Vulnerability
- Details
-
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses Spring MVC
- Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
- Database specific
{ "unresolved_ranges": [ { "source": "AFFECTED_FIELD", "extracted_events": [ { "last_affected": "6.1.2" }, { "last_affected": "6.0.15" } ] } ], "cna_assigner": "vmware", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22233.json" }- References
Affected packages
Git / github.com/spring-projects/spring-framework
Affected ranges
- Type
- GIT
- Repo
- https://github.com/spring-projects/spring-framework
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:vmware:spring_framework:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:6.1.2:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "6.0.15" }, { "last_affected": "6.1.2" } ] }