Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38829

Опубликовано: 04 дек. 2024
Источник: debian

Описание

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libspring-javaunfixedpackage

Примечания

  • https://spring.io/security/cve-2024-38829

  • Only supported for building applications shipped in Debian, see README.Debian.security

Связанные уязвимости

ubuntu логотип

CVE-2024-38829

CVSS3: 3.7
ubuntu
около 1 года назад

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

redhat логотип

CVE-2024-38829

CVSS3: 3.7
redhat
около 1 года назад

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

nvd логотип

CVE-2024-38829

CVSS3: 3.7
nvd
около 1 года назад

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

github логотип

GHSA-mqvr-2rp8-j7h4

CVSS3: 3.7
github
около 1 года назад

Spring LDAP data exposure vulnerability

fstec логотип

BDU:2025-00124

CVSS3: 3.7
fstec
около 1 года назад

Уязвимость функций String.toLowerCase() и String.toUpperCase() проекта для упрощения работы с LDAP (Lightweight Directory Access Protocol) Spring LDAP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации