Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-v94h-hvhg-mf9h

GitHub Security Advisory

Spring Framework vulnerable to denial of service

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations

Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

Affected Packages

Maven org.springframework:spring-webmvc
Affected versions: 6.0.0 (fixed in 6.0.14)

Related CVEs

CVE-2023-34053

Key Information

GHSA ID
GHSA-v94h-hvhg-mf9h
Published
November 28, 2023 9:30 AM
Last Modified
February 13, 2025 7:25 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.springframework:spring-webmvc
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.