Bonn, Germany, March 28, 2023 - As part of Code Intelligence’s ongoing efforts to improve the security of open-source software it continuously tests open-source projects with its JVM fuzzing engine, Jazzer, in Google’s OSS-Fuzz. Today Code Intelligence uncovered a Denial of Service (DoS) vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result of this vulnerability, applications that rely on vulnerable versions of Spring are at a higher risk of severe availability issues.
More details on the vulnerability, along with affected versions and mitigation steps, can be found in Code Intelligence’s blog on the topic.
About Code Intelligence: