Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38820

Опубликовано: 18 окт. 2024
Источник: debian
EPSS Низкий

Описание

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libspring-javaunfixedpackage

Примечания

  • https://spring.io/security/cve-2024-38820

  • Only supported for building applications shipped in Debian, see README.Debian.security

EPSS

Процентиль: 9%
0.00036
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-38820

CVSS3: 3.1
ubuntu
8 месяцев назад

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

nvd логотип

CVE-2024-38820

CVSS3: 3.1
nvd
8 месяцев назад

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

github логотип

GHSA-4gc7-5j7h-4qph

CVSS3: 5.3
github
8 месяцев назад

Spring Framework DataBinder Case Sensitive Match Exception

EPSS

Процентиль: 9%
0.00036
Низкий