The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 05 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-178 |
Tue, 22 Oct 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vmware
Vmware spring Framework |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* | |
Vendors & Products |
Vmware
Vmware spring Framework |
Fri, 18 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 18 Oct 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | |
Title | CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-10-18T05:39:05.275Z
Updated: 2024-11-29T12:04:41.387Z
Reserved: 2024-06-19T22:32:06.583Z
Link: CVE-2024-38820
Vulnrichment
Updated: 2024-11-29T12:04:41.387Z
NVD
Status : Modified
Published: 2024-10-18T06:15:03.333
Modified: 2024-11-29T12:15:07.007
Link: CVE-2024-38820
Redhat
No data.