Code Intelligence Discloses Second DoS Vulnerability in Spring Framework with a Higher CVSS Score

Code Intelligence, an automated software security firm, has recently identified a significant Denial of Service (DoS) vulnerability (CVE-2023-20863) in the popular Spring Framework. Remarkably, this is the second DoS vulnerability that the company has uncovered in the framework within just a few weeks.

The previous vulnerability found in the Spring Framework, CVE-2023-20861, held a CVSS (Common Vulnerability Scoring System) score of 5.3. In contrast, the newfound vulnerability carries a higher CVSS score of 7.5, indicating a more severe security issue.

In their effort to enhance the security of open-source software, Code Intelligence discovered the vulnerability by testing projects with Jazzer, its JVM fuzzing engine, in the Google OSS-Fuzz program.

As a result of this vulnerability, a wide array of applications dependent on vulnerable Spring Framework versions are at great risk for server availability problems. The affected versions include:

  • 6.0.0 to 6.0.7
  • 5.3.0 to 5.3.26
  • 5.2.0 to 5.2.23.RELEASE

Following the discovery, Code Intelligence has issued fixes to address the CVE. These remedies involve implementing limit checks on the size of repeated text, as well as controlling the length of regular expressions utilized in the matches operator.

Users affected by this vulnerability are urged to upgrade to a more recent version that encompasses these fixes. Specifically, those utilizing the 6.0.x version should upgrade to 6.0.8+, users of 5.3.x should update to 5.3.27+, and those on 5.2.x should advance to 5.2.24.RELEASE+.
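The affected ranges and upgrade targets above can be checked against a deployment's jar inventory. The following sketch is an added example, not code from Code Intelligence or the Spring project; the module-name list is a partial, assumed set of Spring Framework artifacts, and the sample file names are constructed.

```python
import re

# Affected ranges and first fixed release per line, as listed in the article.
AFFECTED = [
    ((6, 0, 0), (6, 0, 7), "6.0.8"),
    ((5, 3, 0), (5, 3, 26), "5.3.27"),
    ((5, 2, 0), (5, 2, 23), "5.2.24.RELEASE"),
]

# Assumption: partial list of Spring Framework module artifact names.
# Other spring-* projects (Boot, Security) are versioned independently,
# so matching them against these ranges would give false positives.
FRAMEWORK_MODULES = {
    "spring-core", "spring-expression", "spring-beans", "spring-context",
    "spring-aop", "spring-web", "spring-webmvc", "spring-webflux",
}

# Release jars only; milestone/RC names (e.g. 6.0.0-RC1) do not match.
JAR_RE = re.compile(r"^(spring-[a-z-]+?)-(\d+)\.(\d+)\.(\d+)(?:\.RELEASE)?\.jar$")

def check_jar(filename):
    """Return (module, version, fixed_in) for an affected framework jar, else None."""
    m = JAR_RE.match(filename)
    if not m or m.group(1) not in FRAMEWORK_MODULES:
        return None
    version = tuple(int(x) for x in m.group(2, 3, 4))
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return m.group(1), ".".join(map(str, version)), fixed
    return None

def scan(filenames):
    """Return findings for every affected jar in an iterable of file names."""
    return [hit for hit in map(check_jar, filenames) if hit]

# Constructed sample: jar names as they might appear under WEB-INF/lib.
SAMPLE = [
    "spring-expression-5.3.26.jar",
    "spring-core-5.2.23.RELEASE.jar",
    "spring-web-6.0.8.jar",
    "spring-security-core-5.3.5.jar",
    "spring-expression-5.3.27.jar",
    "spring-context-6.0.0-RC1.jar",
]

if __name__ == "__main__":
    for module, version, fixed in scan(SAMPLE):
        print(f"{module} {version}: affected, upgrade to {fixed} or later")
```

File names only reflect what is on disk; shaded or repackaged jars need a dependency-tree or SBOM check instead.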

Ensuring the highest security standards in application development is paramount, especially for businesses seeking a more streamlined process. No-code and low-code platforms such as AppMaster can help developers build web, mobile, and backend applications rapidly, while maintaining security and scalability. No-code and low-code app development tools are becoming widespread, enabling organizations to create comprehensive software solutions with increased efficiency and reduced risk of vulnerabilities.
