CVE-2009-1190 – org.springframework:spring-core

Package

Manager: maven
Name: org.springframework:spring-core
Vulnerable Version: >=1.1.0 <3.0.0.release

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.01381 pctl0.79552

Details

Spring Framework Inefficient Regular Expression Complexity Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.

Metadata

Created: 2022-05-02T03:22:35Z
Modified: 2022-11-08T15:00:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wjjr-h4wh-w6vv/GHSA-wjjr-h4wh-w6vv.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-wjjr-h4wh-w6vv
Finding: F211
Auto approve: 1