CVE-2023-20883 - Denial of Service (DoS)

Severity: None2023-07-26

Security Advisories

Abstract

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

The Oxygen products incorporate Spring Boot as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v5.1 and olderNone Oxygen Content Fusion 5.1.1 build 2023072112
Oxygen Feedback v3.0.1 and olderNone N/A

Mitigation

None

Detail

CVE-2023-20883

Severity: High

CVSS Score: 7.5

The Spring Boot third-party library used by Oxygen Content Fusion is an affected version mentioned in CVE-2023-20883 vulnerability description. However, since the server is not accessible through a proxy server, this vulnerability does not affect Oxygen Content Fusion.

Starting with Oxygen Content Fusion v5.1.1 build 2023072112 Spring Boot library was updated to a version that fixes this vulnerability.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Declarative Amsterdam 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor