{
  "threat_severity" : "Moderate",
  "public_date" : "2023-04-13T00:00:00Z",
  "bugzilla" : {
    "description" : "springframework: Spring Expression DoS Vulnerability",
    "id" : "2187742",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2187742"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "In Spring Framework versions prior to the 5.2.24 release, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.", "A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server." ],
  "affected_release" : [ {
    "product_name" : "RHINT Camel-Springboot 3.18.3.P1",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2099",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3.18.3",
    "package" : "springframework"
  }, {
    "product_name" : "RHINT Camel-Springboot 3.20.1",
    "release_date" : "2023-05-03T00:00:00Z",
    "advisory" : "RHSA-2023:2100",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3.20.1",
    "package" : "springframework"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Affected",
    "package_name" : "springframework",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7",
    "impact" : "moderate"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-20863\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20863\nhttps://spring.io/security/cve-2023-20863" ],
  "name" : "CVE-2023-20863",
  "csaw" : false
}