Vulnerabilities > Vmware > Spring Framework > 5.2.23

DATE CVE VULNERABILITY TITLE RISK
2023-04-13 CVE-2023-20863 Expression Language Injection vulnerability in VMWare Spring Framework
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
network
low complexity
vmware CWE-917
6.5
2020-01-02 CVE-2016-1000027 Deserialization of Untrusted Data vulnerability in VMWare Spring Framework
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data.
network
low complexity
vmware CWE-502
critical
9.8