Medium severity 4.8 · GHSA Advisory · Published Dec 2, 2024 · Updated Apr 15, 2026
CVE-2024-38827
Description
The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in authorization rules not working properly.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.security:spring-security-core (Maven) | < 5.7.14 | 5.7.14 |
| org.springframework.security:spring-security-core (Maven) | >= 5.8.0, < 5.8.16 | 5.8.16 |
| org.springframework.security:spring-security-core (Maven) | >= 6.0.0, < 6.0.14 | 6.0.14 |
| org.springframework.security:spring-security-core (Maven) | >= 6.1.0, < 6.1.12 | 6.1.12 |
| org.springframework.security:spring-security-core (Maven) | >= 6.2.0, < 6.2.8 | 6.2.8 |
| org.springframework.security:spring-security-core (Maven) | >= 6.3.0, < 6.3.5 | 6.3.5 |
Affected products (14)
- Range: >= 6.3.0, < 6.3.5
- osv-coords (13 versions): < 8.6.5-r0 + 12 more
  - pkg:apk/chainguard/camunda-zeebe
  - pkg:apk/chainguard/camunda-zeebe-compat
  - pkg:apk/chainguard/thingsboard
  - pkg:apk/chainguard/thingsboard-tb-js-executor
  - pkg:apk/chainguard/thingsboard-tb-mqtt-transport
  - pkg:apk/chainguard/thingsboard-tb-node
  - pkg:apk/chainguard/thingsboard-tb-web-ui
  - pkg:apk/wolfi/thingsboard
  - pkg:apk/wolfi/thingsboard-tb-js-executor
  - pkg:apk/wolfi/thingsboard-tb-mqtt-transport
  - pkg:apk/wolfi/thingsboard-tb-node
  - pkg:apk/wolfi/thingsboard-tb-web-ui
  - pkg:maven/org.springframework.security/spring-security-core
- (no CPE) range: < 8.6.5-r0
- (no CPE) range: < 8.6.5-r0
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 3.8.1-r4
- (no CPE) range: < 5.7.14
References (8)
- github.com/advisories/GHSA-q3v6-hm2v-pw99 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-38827 (ghsa, ADVISORY)
- github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 (ghsa, WEB)
- github.com/spring-projects/spring-framework/issues/33708 (ghsa, WEB)
- github.com/spring-projects/spring-framework/issues/34232 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20250124-0007 (ghsa, WEB)
- spring.io/security/cve-2024-38827 (nvd, WEB)
- security.netapp.com/advisory/ntap-20250124-0007/ (nvd)