{"id":"CVE-2023-34053","details":"In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n  *  the application uses Spring MVC or Spring WebFlux\n  *  io.micrometer:micrometer-core is on the classpath\n  *  an ObservationRegistry is configured in the application to record observations\n\n\nTypically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.","aliases":["GHSA-v94h-hvhg-mf9h"],"modified":"2026-03-14T12:07:21.943949Z","published":"2023-11-28T09:15:06.960Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231214-0007/"},{"type":"ADVISORY","url":"https://spring.io/security/cve-2023-34053"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-framework","events":[{"introduced":"5a30a43b753a971ac8bf4005a8ccddeaff439d7e"},{"fixed":"28bb639736c98213bcc5f34a33aa0e093690fcc8"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.0.14"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34053.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}