CVE & CISA-KEV Catalog

CVE-2023-20861

MEDIUM
6.5
CVSS v3
NVD

Description

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

How to fix

Remediation Available
jenkinsRocky
Fixed in:0:2.401.1.1686649641-3.el8RHSA-2023:3610
Fixed in:0:2.426.3.1706515686-3.el8RHSA-2024:0778
Fixed in:0:2.401.1.1686649641-3.el8RHSA-2023:3610
Fixed in:0:2.401.1.1686680404-3.el8RHSA-2023:3622
Fixed in:0:2.426.3.1706515686-3.el8RHSA-2024:0778
Fixed in:0:2.401.1.1686680404-3.el8RHSA-2023:3622
jenkinsRed Hat / RHEL
Fixed in:0:2.426.3.1706515686-3.el8RHSA-2024:0778
Fixed in:0:2.401.1.1686680404-3.el8RHSA-2023:3622
Fixed in:0:2.401.1.1686680404-3.el8RHSA-2023:3622
Fixed in:0:2.401.1.1686649641-3.el8RHSA-2023:3610
Fixed in:0:2.426.3.1706515686-3.el8RHSA-2024:0778
Fixed in:0:2.401.1.1686649641-3.el8RHSA-2023:3610
jenkins-2-pluginsRocky
Fixed in:0:4.13.1686680473-1.el8RHSA-2023:3622
Fixed in:0:4.13.1686680473-1.el8RHSA-2023:3622
Fixed in:0:4.12.1686649756-1.el8RHSA-2023:3610
Fixed in:0:4.12.1686649756-1.el8RHSA-2023:3610
Fixed in:0:4.12.1706515741-1.el8RHSA-2024:0778
Fixed in:0:4.12.1706515741-1.el8RHSA-2024:0778
jenkins-2-pluginsRed Hat / RHEL
Fixed in:0:4.12.1706515741-1.el8RHSA-2024:0778
Fixed in:0:4.12.1686649756-1.el8RHSA-2023:3610
Fixed in:0:4.12.1686649756-1.el8RHSA-2023:3610
Fixed in:0:4.13.1686680473-1.el8RHSA-2023:3622
Fixed in:0:4.13.1686680473-1.el8RHSA-2023:3622
Fixed in:0:4.12.1706515741-1.el8RHSA-2024:0778
ovirt-dependenciesRocky
Fixed in:0:4.5.3-1.el8evRHSA-2023:3771
Fixed in:0:4.5.3-1.el8evRHSA-2023:3771
ovirt-dependenciesRed Hat / RHEL
Fixed in:0:4.5.3-1.el8evRHSA-2023:3771
Fixed in:0:4.5.3-1.el8evRHSA-2023:3771
ovirt-engineRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engineRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-backendRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-backendRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-dbscriptsRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-dbscriptsRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-health-check-bundlerRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-health-check-bundlerRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-restapiRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-restapiRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setupRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setupRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-baseRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-baseRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-cinderlibRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-cinderlibRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-imageioRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-imageioRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-ovirt-engineRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-ovirt-engineRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-ovirt-engine-commonRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-ovirt-engine-commonRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-vmconsole-proxy-helperRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-vmconsole-proxy-helperRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-websocket-proxyRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-setup-plugin-websocket-proxyRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-toolsRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-toolsRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-tools-backupRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-tools-backupRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-vmconsole-proxy-helperRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-vmconsole-proxy-helperRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-webadmin-portalRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-webadmin-portalRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-websocket-proxyRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
ovirt-engine-websocket-proxyRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
python3-ovirt-engine-libRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
python3-ovirt-engine-libRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
rhvmRocky
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
rhvmRed Hat / RHEL
Fixed in:0:4.5.3.8-2.el8evRHSA-2023:3771
vdsmRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsmRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-apiRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-apiRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-clientRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-clientRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-commonRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-commonRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-glusterRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-glusterRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-checkipsRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-checkipsRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-cpuflagsRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-cpuflagsRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-ethtool-optionsRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-ethtool-optionsRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-extra-ipv4-addrsRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-extra-ipv4-addrsRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-fcoeRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-fcoeRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-localdiskRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-localdiskRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-nestedvtRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-nestedvtRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-openstacknetRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-openstacknetRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-vhostmdRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-hook-vhostmdRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-httpRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-httpRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-jsonrpcRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-jsonrpcRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-networkRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-networkRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-pythonRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-pythonRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-yajsonrpcRed Hat / RHEL
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771
vdsm-yajsonrpcRocky
Fixed in:0:4.50.3.8-1.el8evRHSA-2023:3771

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.97%probability of exploitation in 30 days
58thpercentile

Moderate risk: more likely to be exploited than 58% of all known CVEs.

References

Vendor Advisory1
Other references1

Related Vulnerabilities

Other CWE-400 (Resource Exhaustion) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-44487High7.5100%KEVFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2011-3192High7.899%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2024-25617Medium5.389%-Fix
CVE-2018-1000115High7.589%-Fix
Embed a live status badge for CVE-2023-20861
CVE-2023-20861 severity badge

Markdown

[![CVE-2023-20861](https://tridentstack.com/cve/badge/CVE-2023-20861.svg)](https://tridentstack.com/cve/CVE-2023-20861)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-20861"><img src="https://tridentstack.com/cve/badge/CVE-2023-20861.svg" alt="CVE-2023-20861"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-25.