knox icon indicating copy to clipboard operation
knox copied to clipboard
verified publisher icon apache

KNOX-3121 - Update spring-expressions for CVE-2024-38808

Open Preetesh2110 opened this issue 8 months ago • 12 comments

What changes were proposed in this pull request?

Update spring-expressions for CVE-2024-38808

How was this patch tested?

$ mvn dependency:tree | grep spring

Here is the output

+- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  \- org.springframework:spring-beans:jar:5.3.39:compile
+- org.springframework:spring-web:jar:5.3.39:compile
|  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  +- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  \- org.springframework:spring-orm:jar:5.3.39:compile
|  |     +- org.springframework:spring-jdbc:jar:5.3.39:compile
|  |     \- org.springframework:spring-tx:jar:5.3.39:compile
+- org.springframework:spring-core:jar:5.3.39:compile
|  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-orm:jar:5.3.39:test
|  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:test
|  |  |     \- org.springframework:spring-tx:jar:5.3.39:test
|  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-orm:jar:5.3.39:compile
|  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:compile
|  |  |     \- org.springframework:spring-tx:jar:5.3.39:compile
|  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  +- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  \- org.springframework:spring-web:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:compile
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:compile
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:compile
|  |  +- org.springframework:spring-core:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:compile
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:compile
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:compile
|  |  \- org.springframework:spring-core:jar:5.3.39:compile
|  |     \- org.springframework:spring-jcl:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:compile
|  |  |  +- org.springframework:spring-context:jar:5.3.39:compile
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:compile
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:compile
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:compile
|  |  +- org.springframework:spring-web:jar:5.3.39:compile
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:test
|  |  |  +- org.springframework:spring-context:jar:5.3.39:test
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:test
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:test
|  |  \- org.springframework:spring-web:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:test
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:test
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:test
|  |  +- org.springframework:spring-core:jar:5.3.39:test
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:test
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:provided
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:provided
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:provided
|  |  +- org.springframework:spring-core:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:provided
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:provided
|  |  |  +- org.springframework:spring-context:jar:5.3.39:provided
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:provided
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:provided
|  |  \- org.springframework:spring-web:jar:5.3.39:provided
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:provided
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:provided
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:provided
|  |  +- org.springframework:spring-core:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:provided
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:provided
|  |  |  +- org.springframework:spring-context:jar:5.3.39:provided
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:provided
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:provided
|  |  \- org.springframework:spring-web:jar:5.3.39:provided
|  |  |  |  \- org.springframework:spring-orm:jar:5.3.39:provided
|  |  |  |     +- org.springframework:spring-jdbc:jar:5.3.39:provided
|  |  |  |     \- org.springframework:spring-tx:jar:5.3.39:provided
|  |  +- org.springframework:spring-core:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-jcl:jar:5.3.39:provided
|  |  +- org.springframework.vault:spring-vault-core:jar:2.3.4:provided
|  |  |  +- org.springframework:spring-context:jar:5.3.39:provided
|  |  |  |  +- org.springframework:spring-aop:jar:5.3.39:provided
|  |  |  |  \- org.springframework:spring-expression:jar:5.3.39:provided
|  |  |  \- org.springframework:spring-beans:jar:5.3.39:provided
|  |  \- org.springframework:spring-web:jar:5.3.39:provided

Preetesh2110 avatar Apr 07 '25 06:04 Preetesh2110