CVE-2024-38808

EPSS 0.27%
Veröffentlicht 20.08.2024 08:15:05
Zuletzt bearbeitet 18.06.2025 12:10:28
Quelle security@vmware.com
Teams Watchlist Login
Unerledigt Login

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Spring Framework Version >= 5.3.0 < 5.3.39

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Insight Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.505

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@vmware.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://spring.io/security/cve-2024-38808

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240920-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38808

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38808

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38808

EUVD