Medium severity (5.3) · GHSA Advisory · Published Sep 27, 2024 · Updated Apr 15, 2026
CVE-2024-38809
Description
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a DoS attack.
Users of affected versions should upgrade to the corresponding fixed version.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework:spring-web (Maven) | < 5.3.38 | 5.3.38 |
| org.springframework:spring-web (Maven) | >= 6.0.0, < 6.0.23 | 6.0.23 |
| org.springframework:spring-web (Maven) | >= 6.1.0, < 6.1.12 | 6.1.12 |
Affected products
19 affected products:
- Range: >= 6.1.0, < 6.1.12
- osv-coords (18 versions; no CPE for any entry):

| Package URL | Range |
|---|---|
| pkg:apk/chainguard/apache-nifi | < 1.27.0-r1 |
| pkg:apk/chainguard/camunda-zeebe | < 8.5.7-r0 |
| pkg:apk/chainguard/jenkins-2.452 | < 2.452.4-r3 |
| pkg:apk/chainguard/kayenta-2025.4 | < 2025.4.3-r6 |
| pkg:apk/chainguard/kayenta-2026.0 | < 2026.0.2-r6 |
| pkg:apk/chainguard/kayenta-fips-2025.4 | < 2025.4.3-r7 |
| pkg:apk/chainguard/thingsboard | < 3.9.1-r2 |
| pkg:apk/chainguard/thingsboard-tb-js-executor | < 3.9.1-r2 |
| pkg:apk/chainguard/thingsboard-tb-mqtt-transport | < 3.9.1-r2 |
| pkg:apk/chainguard/thingsboard-tb-node | < 3.9.1-r2 |
| pkg:apk/chainguard/thingsboard-tb-web-ui | < 3.9.1-r2 |
| pkg:apk/wolfi/apache-nifi | < 1.27.0-r1 |
| pkg:apk/wolfi/thingsboard | < 3.9.1-r2 |
| pkg:apk/wolfi/thingsboard-tb-js-executor | < 3.9.1-r2 |
| pkg:apk/wolfi/thingsboard-tb-mqtt-transport | < 3.9.1-r2 |
| pkg:apk/wolfi/thingsboard-tb-node | < 3.9.1-r2 |
| pkg:apk/wolfi/thingsboard-tb-web-ui | < 3.9.1-r2 |
| pkg:maven/org.springframework/spring-web | < 5.3.38 |
References
- github.com/advisories/GHSA-2rmj-mq67-h97g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-38809 (ghsa, ADVISORY)
- github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3 (ghsa, WEB)
- github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533 (ghsa, WEB)
- github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85 (ghsa, WEB)
- github.com/spring-projects/spring-framework/issues/33372 (ghsa, WEB)
- spring.io/security/cve-2024-38809 (nvd, WEB)
- security.netapp.com/advisory/ntap-20240920-0003/ (nvd)