CVE
CVE-2024-38820
| CVE ID |
CVE-2024-38820
|
|---|---|
| CVSS Score |
3.1
|
| Operating System | |
| Affected Versions |
Spring Framework
|
| Patched Versions |
5.3.42-OL
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.