Medium severity 5.3 · GHSA Advisory · Published Nov 18, 2024 · Updated Apr 15, 2026
CVE-2024-38828
Description
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework:spring-webmvc (Maven) | >= 5.3.0, < 5.3.42 | 5.3.42 |
Affected products (15)
- Range: >= 5.3.0, < 5.3.42
- osv-coords (14 versions):

| Package | CPE | Range |
|---|---|---|
| pkg:apk/chainguard/geoserver-2.26-community | (no CPE) | < 2.26.4-r0 |
| pkg:apk/chainguard/geoserver-2.26-docker | (no CPE) | < 2.26.4-r0 |
| pkg:apk/chainguard/geoserver-2.27-community | (no CPE) | < 2.27.3-r0 |
| pkg:apk/chainguard/geoserver-2.27-docker | (no CPE) | < 2.27.3-r0 |
| pkg:apk/chainguard/geoserver-2.28-community | (no CPE) | < 2.28.1-r1 |
| pkg:apk/chainguard/geoserver-2.28-docker | (no CPE) | < 2.28.1-r1 |
| pkg:apk/chainguard/seata | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-namingserver-oci-entrypoint | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-openjdk-17-compat | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-openjdk-21-compat | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-openjdk-8-compat | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-server | (no CPE) | < 2.5.0-r3 |
| pkg:apk/chainguard/seata-server-oci-entrypoint | (no CPE) | < 2.5.0-r3 |
| pkg:maven/org.springframework/spring-webmvc | (no CPE) | >= 5.3.0, < 5.3.42 |