{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T02:33:31.886","vulnerabilities":[{"cve":{"id":"CVE-2023-34053","sourceIdentifier":"security@vmware.com","published":"2023-11-28T09:15:06.960","lastModified":"2025-02-13T17:16:34.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC or Spring WebFlux\n  *  io.micrometer:micrometer-core is on the classpath\n  *  an ObservationRegistry is configured in the application to record observations\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions."},{"lang":"es","value":"En las versiones 6.0.0 - 6.0.13 de Spring Framework, es posible que un usuario proporcione solicitudes HTTP especialmente manipuladas que pueden causar una condición de denegación de servicio (DoS). Específicamente, una aplicación es vulnerable cuando se cumple todo lo siguiente: * la aplicación usa Spring MVC o Spring WebFlux * io.micrometer:micrometer-core está en el classpath * un ObservationRegistry está configurado en la aplicación para registrar observaciones Typically, Spring Boot las aplicaciones necesitan la dependencia org.springframework.boot:spring-boot-actuator para cumplir con todas las condiciones."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.14","matchCriteriaId":"3C9B7BEA-AF85-4815-AFC0-0A04240FAD32"}]}]}],"references":[{"url":"https://security.netapp.com/advisory/ntap-20231214-0007/","source":"security@vmware.com"},{"url":"https://spring.io/security/cve-2023-34053","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231214-0007/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://spring.io/security/cve-2023-34053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}