VYPR
Moderate severityNVD Advisory· Published Oct 18, 2024· Updated Nov 29, 2024

CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820

Description

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework:spring-contextMaven
>= 6.1.0, < 6.1.146.1.14
org.springframework:spring-webMaven
>= 6.1.0, < 6.1.146.1.14
org.springframework:spring-webMaven
>= 6.0.0, <= 6.0.24
org.springframework:spring-contextMaven
>= 6.0.0, <= 6.0.24
org.springframework:spring-contextMaven
<= 5.3.40
org.springframework:spring-webMaven
<= 5.3.40

Affected products

27

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.