
How to handle CVE-2023-44794 in Spring

Security Vulnerability –

How to deal with the HIGH security vulnerability CVE-2023-44794 reported against the spring-core and spring-web jar files.

Environment –

All applications that use the spring-core and spring-web jar files.

Root cause –

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

Vulnerability Details –

NVD status: 9.8 CRITICAL
NVD url: CVE-2023-44794 (https://nvd.nist.gov/vuln/detail/CVE-2023-44794)

Solution with Spring –

Scanners flag CVE-2023-44794 in the spring-core and spring-web jar files as a CRITICAL vulnerability. However, please note that the Spring team is not involved in any way with the https://github.com/dromara/Sa-Token project. The issue was raised on the official Spring Framework GitHub repository, and the Spring team closed it as "not planned".

Proof –

When we looked up CVE-2023-44794 in the official NVD API, it reported the Spring Framework as not vulnerable. To verify this from your end, run the curl command below.

curl https://services.nvd.nist.gov/rest/json/cves/2.0\?cveId\=CVE-2023-44794

You will get the output in JSON format. In the output, look for the entries whose criteria name spring_framework and spring_boot; you will find their "vulnerable" flag set to false.

          {
            "vulnerable": false,
            "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
            "versionStartIncluding": "2.3.1",
            "matchCriteriaId": "C59F2ABD-BAE0-408C-AED4-6D484134E7F6"
          },
          {
            "vulnerable": false,
            "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
            "versionStartIncluding": "5.3.0",
            "matchCriteriaId": "821E9C4B-844C-4D73-AB99-0A6A8D00CC1E"
          }
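Reading the "vulnerable" flags by eye works for one CVE, but the same check is easy to automate when a scanner keeps raising this kind of false positive. The following script is an added example written for this article, not code from the NVD or the Spring project. It walks the configurations/nodes/cpeMatch structure of an NVD API 2.0 response and reports, per vendor and product, whether any CPE entry is actually marked vulnerable. The embedded response is a constructed sample: the two vmware entries are the ones shown above, while the dromara entry (its CPE string and its matchCriteriaId placeholder) is an assumption added so the example has one genuinely vulnerable product to contrast with. The optional fetch_cve helper calls the same NVD URL the curl command uses; the offline sample is used when the script runs on its own.

```python
import json
import urllib.request
from typing import Dict, Iterator, Tuple

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId="

# Constructed sample in the shape of an NVD API 2.0 response
# (vulnerabilities -> cve -> configurations -> nodes -> cpeMatch).
# The vmware entries match the article's excerpt; the dromara entry is an
# assumption (CPE string and matchCriteriaId are placeholders for illustration).
SAMPLE_RESPONSE = json.loads("""
{
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2023-44794",
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:dromara:sa-token:*:*:*:*:*:*:*:*",
                    "versionEndIncluding": "1.36.0",
                    "matchCriteriaId": "PLACEHOLDER-DROMARA-MATCH-ID"
                  },
                  {
                    "vulnerable": false,
                    "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "2.3.1",
                    "matchCriteriaId": "C59F2ABD-BAE0-408C-AED4-6D484134E7F6"
                  },
                  {
                    "vulnerable": false,
                    "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "5.3.0",
                    "matchCriteriaId": "821E9C4B-844C-4D73-AB99-0A6A8D00CC1E"
                  }
                ]
              }
            ]
          }
        ]
      }
    }
  ]
}
""")


def fetch_cve(cve_id: str) -> dict:
    """Fetch a single CVE record from the NVD API 2.0 (network access required)."""
    with urllib.request.urlopen(NVD_API + cve_id, timeout=30) as resp:
        return json.load(resp)


def iter_cpe_matches(response: dict) -> Iterator[dict]:
    """Yield every cpeMatch entry, whichever configuration node it sits in."""
    for item in response.get("vulnerabilities", []):
        for config in item.get("cve", {}).get("configurations", []):
            for node in config.get("nodes", []):
                yield from node.get("cpeMatch", [])


def cpe_vendor_product(criteria: str) -> Tuple[str, str]:
    """Extract (vendor, product) from a cpe:2.3:part:vendor:product:... string.
    Escaped colons inside a component are rare and not handled here."""
    parts = criteria.split(":")
    return parts[3], parts[4]


def vulnerable_products(response: dict) -> Dict[Tuple[str, str], bool]:
    """Map (vendor, product) to True if any of its CPE entries is marked vulnerable.
    Entries with vulnerable=false only describe the environment (the 'running on'
    side of a configuration) and do not make that product affected."""
    summary: Dict[Tuple[str, str], bool] = {}
    for match in iter_cpe_matches(response):
        key = cpe_vendor_product(match["criteria"])
        summary[key] = summary.get(key, False) or bool(match.get("vulnerable"))
    return summary


def spring_flagged(response: dict) -> bool:
    """True only if some vmware spring_* CPE is actually marked vulnerable."""
    return any(
        flagged
        for (vendor, product), flagged in vulnerable_products(response).items()
        if vendor == "vmware" and product.startswith("spring")
    )


if __name__ == "__main__":
    # Swap SAMPLE_RESPONSE for fetch_cve("CVE-2023-44794") to check the live record.
    for (vendor, product), flagged in sorted(vulnerable_products(SAMPLE_RESPONSE).items()):
        print(f"{vendor}:{product} vulnerable={flagged}")
    print("Spring marked vulnerable:", spring_flagged(SAMPLE_RESPONSE))
```

On the sample this prints dromara:sa-token as vulnerable and both vmware Spring products as not vulnerable, which is exactly the distinction the curl output above shows: the Spring CPEs appear in the record only as the environment the affected product runs in.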

Do you have another solution?

The solution provided above is based on the scenario one of our developers/contributors faced. If you faced the same issue and found a different root cause, please share your solution in the comment section below. We will add it to this article.
