What is the severity level of CVE-2023-20883?

The severity level of CVE-2023-20883 is high with a CVSS score of 7.5.

How can this vulnerability be exploited?

This vulnerability can be exploited through a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

How can I fix CVE-2023-20883?

To fix CVE-2023-20883, upgrade to the following versions: 2.5.15 for 2.5.x, 2.6.15 for 2.6.x, 2.7.12 for 2.7.x, and 3.0.7 for 3.0.x.

Vulnerability/
CVE-2023-20883

high

7.5

CWE

400

23/5/2023

26/5/2023

16/1/2025

CVE-2023-20883

Q: What is CVE-2023-20883?

CVE-2023-20883 is a vulnerability in Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14, and older unsupported versions.

First published: Tue May 23 2023(Updated: )

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Credit: security@vmware.com security@vmware.com security@vmware.com

Affected Software	Affected Version	How to fix
maven/org.springframework.boot:spring-boot-autoconfigure	<2.5.15	2.5.15
maven/org.springframework.boot:spring-boot-autoconfigure	>=2.6.0<2.6.15	2.6.15
maven/org.springframework.boot:spring-boot-autoconfigure	>=2.7.0<2.7.12	2.7.12
maven/org.springframework.boot:spring-boot-autoconfigure	>=3.0.0<3.0.7	3.0.7
redhat/spring-boot	<3.0.7	3.0.7
redhat/spring-boot	<2.7.12	2.7.12
redhat/spring-boot	<2.6.15	2.6.15
redhat/spring-boot	<2.5.15	2.5.15
Vmware Spring Boot	<2.5.14
Vmware Spring Boot	>=2.6.0<=2.6.14
Vmware Spring Boot	>=2.7.0<=2.7.11
Vmware Spring Boot	>=3.0.0<=3.0.6
IBM Watson Knowledge Catalog on-prem	<=4.x

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7009747

Frequently Asked Questions

What is CVE-2023-20883?
CVE-2023-20883 is a vulnerability in Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14, and older unsupported versions.
What is the severity level of CVE-2023-20883?
The severity level of CVE-2023-20883 is high with a CVSS score of 7.5.
How can this vulnerability be exploited?
This vulnerability can be exploited through a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Which versions of Spring Boot are affected by CVE-2023-20883?
Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14, and older unsupported versions are affected by CVE-2023-20883.
How can I fix CVE-2023-20883?
To fix CVE-2023-20883, upgrade to the following versions: 2.5.15 for 2.5.x, 2.6.15 for 2.6.x, 2.7.12 for 2.7.x, and 3.0.7 for 3.0.x.

collector/nvd-latest
collector/github-advisory-latest
alias/GHSA-xf96-w227-r7c4
alias/CVE-2023-20883
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
agent/references
agent/weakness
agent/severity
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/description
agent/event
collector/ibm-support
source/IBM
agent/trending
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
package-manager/maven
vendor/vmware
canonical/vmware spring boot
version/vmware spring boot/2.6.0
version/vmware spring boot/2.6.14
version/vmware spring boot/2.7.0
version/vmware spring boot/2.7.11
version/vmware spring boot/3.0.0
version/vmware spring boot/3.0.6
package-manager/redhat
vendor/ibm
canonical/ibm watson knowledge catalog on-prem
version/ibm watson knowledge catalog on-prem/4.x

CVE-2023-20883

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2023-20883?

What is the severity level of CVE-2023-20883?

How can this vulnerability be exploited?

Which versions of Spring Boot are affected by CVE-2023-20883?

How can I fix CVE-2023-20883?

Company

Resources

Contact