MEDIUM: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Default status: unaffected
4.0.0 (custom) before 4.0.6: affected
3.5.0 (custom) before 3.5.12: affected
3.4.0 (custom) before 3.4.15: affected
3.3.0 (custom) before 3.3.17: affected
3.2.0 (custom) before 3.2.16: affected
3.1.0 (custom) before 3.1.15: affected
3.0.0 (custom) before 3.0.16: affected
2.7.0 (custom) before 2.7.20: affected
Description
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
Problem types
CWE-400: Uncontrolled Resource Consumption
References
spring.io/security/cve-2026-41711