📂 Vulnerable Library - spring-boot-autoconfigure-2.7.5.jar
Spring Boot AutoConfigure
Library home page: https://spring.io/projects/spring-boot
Path to dependency file: /telegrambots-spring-boot-starter/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.5/spring-boot-autoconfigure-2.7.5.jar
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-403178-925037 | 🟣 Critical | 9.8 | N/A | N/A | spring-boot-autoconfigure-2.7.5.jar | Direct | N/A | ❌ | |
| CVE-2023-20883 | 🔴 High | 8.7 | Not Defined | < 1% | spring-boot-autoconfigure-2.7.5.jar | Direct | org.springframework.boot:spring-boot-autoconfigure:3.0.7, org.springframework.boot:spring-boot-autoconfigure:2.5.15, org.springframework.boot:spring-boot-autoconfigure:2.6.15, org.springframework.boot:spring-boot-autoconfigure:2.7.12 | ✅ | Unreachable |
Details
🟣CVE-403178-925037
Vulnerable Library - spring-boot-autoconfigure-2.7.5.jar
Spring Boot AutoConfigure
Library home page: https://spring.io/projects/spring-boot
Path to dependency file: /telegrambots-spring-boot-starter/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.5/spring-boot-autoconfigure-2.7.5.jar
Dependency Hierarchy:
- ❌ spring-boot-autoconfigure-2.7.5.jar (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-403178-925037
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🔴CVE-2023-20883
Vulnerable Library - spring-boot-autoconfigure-2.7.5.jar
Spring Boot AutoConfigure
Library home page: https://spring.io/projects/spring-boot
Path to dependency file: /telegrambots-spring-boot-starter/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.5/spring-boot-autoconfigure-2.7.5.jar
Dependency Hierarchy:
- ❌ spring-boot-autoconfigure-2.7.5.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Publish Date: May 26, 2023 12:00 AM
URL: CVE-2023-20883
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin: GHSA-xf96-w227-r7c4
Release Date: May 26, 2023 12:00 AM
Fix Resolution: org.springframework.boot:spring-boot-autoconfigure:3.0.7, org.springframework.boot:spring-boot-autoconfigure:2.5.15, org.springframework.boot:spring-boot-autoconfigure:2.6.15, org.springframework.boot:spring-boot-autoconfigure:2.7.12