CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

🗓️ 23 Aug 2024 08:26:11Reported by vmwareType

Signature Forgery Vulnerability in Spring Boot's Loader CVE-2024-3880

Reporter	Title	Published	Views	Family All 29
Circl	CVE-2024-38807	23 Aug 202412:06	–	circl
CNNVD	VMware Spring Boot 安全漏洞	23 Aug 202400:00	–	cnnvd
CVE	CVE-2024-38807	23 Aug 202408:26	–	cve
Debian CVE	CVE-2024-38807	23 Aug 202408:26	–	debiancve
EUVD	EUVD-2024-2526	3 Oct 202520:07	–	euvd
Github Security Blog	Signature forgery in Spring Boot's Loader	23 Aug 202409:30	–	github
NCSC	Vulnerabilities fixed in Oracle Communications	22 Jan 202513:30	–	ncsc
NVD	CVE-2024-38807	23 Aug 202409:15	–	nvd
OpenVAS	VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Linux	24 Sep 202400:00	–	openvas
OpenVAS	VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Windows	24 Sep 202400:00	–	openvas

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Spring Boot",
    "product": "Spring Boot",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "2.7.22",
        "status": "affected",
        "version": "2.7.x",
        "versionType": "enterprise support only"
      },
      {
        "lessThan": "3.0.17",
        "status": "affected",
        "version": "3.0.x",
        "versionType": "enterprise support only"
      },
      {
        "lessThan": "3.1.13",
        "status": "affected",
        "version": "3.1.x",
        "versionType": "enterprise support only"
      },
      {
        "lessThan": "3.2.9",
        "status": "affected",
        "version": "3.2.x",
        "versionType": "OSS"
      },
      {
        "lessThan": "3.3.3",
        "status": "affected",
        "version": "3.3.x",
        "versionType": "OSS"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2024-38807

23 Aug 2024 08:26Current

CVSS 3.16.3

EPSS0.00123