GHSA-r4q3-7g4q-x89m

GitHub Security Advisory

Spring Framework server Web DoS Vulnerability

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
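One way to check a project against these conditions is to evaluate them over `mvn dependency:list` output. This is an added example, not code from the advisory or from the Spring project. It assumes that the presence of `org.springframework:spring-webmvc` stands in for "uses Spring MVC" and that "6.1.6+ or 6.2.1+" means 6.1.x from 6.1.6 upward, or any version from 6.2.1 upward. The sample input is constructed.

```python
import re

# Coordinates as printed by `mvn dependency:list`:
# group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w.\-]+(?::[\w.\-]+)?:([\w.\-]+)"
                   r":(?:compile|runtime|provided|test|system)\b")
AFFECTED_CORE = {"6.0.15", "6.1.2"}  # spring-core versions named in the advisory

# Constructed sample of dependency:list output (not from a real project).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:6.1.2:compile
[INFO]    org.springframework:spring-webmvc:jar:6.1.2:compile
[INFO]    org.springframework.security:spring-security-core:jar:6.2.1:compile
[INFO]    org.springframework.security:spring-security-web:jar:6.2.1:compile
"""

def parse_deps(text):
    """Return {(group, artifact): version} for every coordinate found."""
    deps = {}
    for line in text.splitlines():
        m = COORD.search(line)
        if m:
            deps[(m.group(1), m.group(2))] = m.group(3)
    return deps

def security_in_range(version):
    """Assumed reading of '6.1.6+ or 6.2.1+': 6.1.x >= 6.1.6, or >= 6.2.1."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    v = tuple(int(p) for p in m.groups())
    return (v[:2] == (6, 1) and v[2] >= 6) or v >= (6, 2, 1)

def assess(text):
    """Evaluate each advisory condition; 'affected' requires all of them."""
    deps = parse_deps(text)
    core = deps.get(("org.springframework", "spring-core"))
    core_hit = core in AFFECTED_CORE
    # Assumption: spring-webmvc on the classpath means the app uses Spring MVC.
    mvc = ("org.springframework", "spring-webmvc") in deps
    sec_hit = any(security_in_range(v) for (g, _), v in deps.items()
                  if g == "org.springframework.security")
    return {"spring_core": core, "core_affected": core_hit, "spring_mvc": mvc,
            "security_in_range": sec_hit,
            "affected": core_hit and mvc and sec_hit}

if __name__ == "__main__":
    print(assess(SAMPLE))
```
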

Affected Packages

Maven org.springframework:spring-core
Affected versions: 6.1.2 (fixed in 6.1.3)
Maven org.springframework:spring-core
Affected versions: 6.0.15 (fixed in 6.0.16)

Key Information

GHSA ID: GHSA-r4q3-7g4q-x89m
Published: January 22, 2024 3:30 PM
Last Modified: June 20, 2025 10:18 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.springframework:spring-core
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.