VYPR
Medium severity5.3GHSA Advisory· Published Sep 27, 2024· Updated Apr 15, 2026

CVE-2024-38809

CVE-2024-38809

Description

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework:spring-webMaven
< 5.3.385.3.38
org.springframework:spring-webMaven
>= 6.0.0, < 6.0.236.0.23
org.springframework:spring-webMaven
>= 6.1.0, < 6.1.126.1.12

Affected products

19

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.