Vmware Spring vulnerabilities
2 known vulnerabilities affecting vmware/spring.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-38820MEDIUMCVSS 5.3≥ 5.3.x, < 5.3.41≥ 6.0.x, < 6.0.25+1 more2024-10-18
CVE-2024-38820 [MEDIUM] CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
cvelistv5
CVE-2022-22968MEDIUMCVSS 5.3≥ 5.3.x, < 5.3.41≥ 6.0.x, < 6.0.25+1 more2022-04-14
CVE-2022-22968 [MEDIUM] CWE-178 CVE-2022-22968: In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the pat
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first charac
nvd