OSV-2023-1244

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spring-data-mongodb/OSV-2023-1244.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1244

Published

2023-12-02T13:00:17.170709Z

Modified

2023-12-09T14:11:35.526034Z

Summary

Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64641

Crash type: Security exception
Crash state:
org.springframework.expression.spel.ast.OpPlus.getValueInternal
org.springframework.util.ConcurrentReferenceHashMap$Segment.restructureIfNecessa
org.springframework.util.ConcurrentReferenceHashMap.purgeUnreferencedEntries

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64641

Affected packages

OSS-Fuzz / spring-data-mongodb

Package

Name: spring-data-mongodb
Purl: pkg:generic/spring-data-mongodb

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-data-mongodb
Events: Introduced

fa9fbcb2edca6e32e7c154b2876a9a4c01762f5f

Fixed

6b8749278bde658ee1c212585cd84f2744fb5936

Introduced

6f6b61d59525a4bb3237a065622784aff591379e

Fixed

4aec4f33e61a4f29fe8f28c09ea3b8f434c5b18e

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "introduced_range": "b7eedad2f5c7f03f1706ce75755f1d2038cd8092:6b8749278bde658ee1c212585cd84f2744fb5936"
}