OSV-2023-1001

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spring-data-keyvalue/OSV-2023-1001.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1001

Published

2023-10-11T13:02:38.205441Z

Modified

2023-10-14T14:20:59.452689Z

Summary

Security exception in java.base/java.lang.String.repeat

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63154

Crash type: Security exception
Crash state:
java.base/java.lang.String.repeat
org.springframework.expression.spel.ast.OpMultiply.getValueInternal
org.springframework.expression.spel.ast.MethodReference.getArguments

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63154

Affected packages

OSS-Fuzz / spring-data-keyvalue

Package

Name: spring-data-keyvalue
Purl: pkg:generic/spring-data-keyvalue

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-data-keyvalue.git
Events: Introduced

0d4a18fc90cf134d33a227bea68b6e2d9cad7541

Fixed

ee43ad3b43ee470a617c568522edf07f606b1516

Affected versions

3.*

3.0.0

3.0.1

3.0.10

3.0.11

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.0-M1

3.1.0-M2

3.1.0-M3

3.1.0-RC1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.2.0-M1

3.2.0-M2

3.2.0-M3

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "introduced_range": "unknown:0d4a18fc90cf134d33a227bea68b6e2d9cad7541"
}