Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13ampyLWg0d2gtdzZ2ds3Duw
Spring Framework Inefficient Regular Expression Complexity
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
Permalink: https://github.com/advisories/GHSA-wjjr-h4wh-w6vv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13ampyLWg0d2gtdzZ2ds3Duw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-wjjr-h4wh-w6vv, CVE-2009-1190
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-1190
- https://bugzilla.redhat.com/show_bug.cgi?id=497161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50083
- http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
- http://www.springsource.com/securityadvisory
- https://github.com/advisories/GHSA-wjjr-h4wh-w6vv
Affected Packages
maven:org.springframework:spring-core
Dependent packages: 6,691
Dependent repositories: 157,893
Downloads:
Affected Version Ranges: >= 1.1.0, <= 2.5.6
Fixed in: 3.0.0.RELEASE
All affected versions: 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6
All unaffected versions: 1.0.1, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.30, 5.3.31, 5.3.32, 5.3.33, 5.3.34, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6