Vulnerability CVE-2024-38808


Published: 2024-08-20

Description:
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

* The application evaluates user-supplied SpEL expressions.

 References:
https://spring.io/security/cve-2024-38808

Copyright 2026, cxsecurity.com

 

Back to Top