Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-38827

Good to know:

icon
icon

Date: December 2, 2024

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

Language: Java

Severity Score

Related Resources (10)

https://github.com/spring-projects/spring-framework/issues/34232
https://spring.io/security/cve-2024-38827
https://github.com/spring-projects/spring-framework/issues/33708
https://nvd.nist.gov/vuln/detail/CVE-2024-38827
https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
https://github.com/spring-projects/spring-framework
https://security.netapp.com/advisory/ntap-20250124-0007
https://github.com/spring-projects/spring-security
https://security.netapp.com/advisory/ntap-20250124-0007/
https://www.mend.io/vulnerability-database/CVE-2024-38827

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

icon

Upgrade Version

Upgrade to version org.springframework.security:spring-security-taglibs:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-taglibs:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-taglibs:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-cas:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-cas:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-cas:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-oauth2-client:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-oauth2-client:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-web:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-web:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-web:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-web:5.8.14-spring-security-5.8.15;org.springframework.security:spring-security-web:5.7.12-spring-security-5.7.13;org.springframework.security:spring-security-crypto:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-crypto:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-crypto:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-core:6.3.5;org.springframework.security:spring-security-core:5.7.14;org.springframework.security:spring-security-core:5.8.16;org.springframework.security:spring-security-core:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-core:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-core:6.2.8;org.springframework.security:spring-security-config:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-config:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-config:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-ldap:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-ldap:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-ldap:4.2.20-spring-security-4.2.21;org.springframework.security:spring-security-data:5.7.13-spring-security-5.7.14;org.springframework.security:spring-security-data:5.8.15-spring-security-5.8.16;org.springframework.security:spring-security-data:4.2.20-spring-security-4.2.21

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us