CVE-2023-20883 - Denial of Service (DoS)
Severity: None
2023-07-26
Abstract
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
The Oxygen products incorporate Spring Boot as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v5.1 and older | None | Oxygen Content Fusion 5.1.1 build 2023072112 |
Oxygen Feedback v3.0.1 and older | None | N/A |
Detail
CVE-2023-20883
Severity: High
CVSS Score: 7.5
The Spring Boot third-party library used by Oxygen Content Fusion is one of the affected versions listed in the CVE-2023-20883 vulnerability description. However, since the server is not accessible through a proxy server, this vulnerability does not affect Oxygen Content Fusion.
Starting with Oxygen Content Fusion v5.1.1 build 2023072112, the Spring Boot library was updated to a version that fixes this vulnerability.