Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446 #933

Open
github-actions bot opened this issue Aug 19, 2024 · 0 comments

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Note: An application is vulnerable when the following is true:

The application evaluates user-supplied SpEL expressions.

Workaround

Evaluation of user-supplied SpEL expressions should be avoided when possible; otherwise, user-supplied SpEL expressions should be evaluated with a SimpleEvaluationContext in read-only mode. No other steps are necessary.

Remediation

Upgrade org.springframework:spring-expression to version 5.3.39 or higher.
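
The workaround described above, as an added Java example (not part of the issue and not Spring's own code): user-supplied expressions are evaluated against a `SimpleEvaluationContext` built with `forReadOnlyDataBinding()`. The `Order` class, the `evaluate` helper and the sample expressions are constructed for illustration, and `spring-expression` is assumed to be on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.ParseException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class ReadOnlySpelDemo {

    // Hypothetical root object exposed to user-supplied expressions.
    public static class Order {
        private final String customer = "alice";
        private int quantity = 3;
        public String getCustomer() { return customer; }
        public int getQuantity() { return quantity; }
        public void setQuantity(int quantity) { this.quantity = quantity; }
    }

    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    // Read-only data binding: property reads and operators only; no type
    // references, constructors, bean references or property writes.
    private static final EvaluationContext READ_ONLY =
            SimpleEvaluationContext.forReadOnlyDataBinding().build();

    // Avoid: parseExpression(input).getValue(root) with no context argument
    // falls back to a StandardEvaluationContext and the full SpEL feature set.
    static String evaluate(String userExpression, Object root) {
        try {
            Object value = PARSER.parseExpression(userExpression)
                    .getValue(READ_ONLY, root);
            return "ok: " + value;
        } catch (ParseException | EvaluationException e) {
            // Anything outside the read-only subset is refused here.
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Order order = new Order();
        // Constructed sample inputs: two reads, one write, one type reference.
        String[] inputs = {
            "customer", "quantity > 2", "quantity = 999", "T(java.lang.Math).max(1, 2)"
        };
        for (String input : inputs) {
            System.out.println(input + " -> " + evaluate(input, order));
        }
        System.out.println("quantity after evaluation: " + order.getQuantity());
    }
}
```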
