Low severity3.7NVD Advisory· Published Dec 4, 2024· Updated Apr 15, 2026

CVE-2024-38829

Description

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.springframework.ldap:spring-ldap-coreMaven	>= 3.0.0, < 3.2.8	3.2.8
org.springframework.ldap:spring-ldap-coreMaven	< 2.4.4	2.4.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-mqvr-2rp8-j7h4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-38829ghsaADVISORY
spring.io/security/cve-2024-38829nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000