Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-38820

Опубликовано: 18 окт. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 3.1

Описание

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 9%
0.00036
Низкий

3.1 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-38820

CVSS3: 3.1
nvd
8 месяцев назад

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

debian логотип

CVE-2024-38820

CVSS3: 3.1
debian
8 месяцев назад

The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

github логотип

GHSA-4gc7-5j7h-4qph

CVSS3: 5.3
github
8 месяцев назад

Spring Framework DataBinder Case Sensitive Match Exception

EPSS

Процентиль: 9%
0.00036
Низкий

3.1 Low

CVSS3