Lucene search
K

37 matches found

OSV
OSV
added 2026/06/23 9:44 a.m.8 views

ROOT-APP-MAVEN-CVE-2024-38820 CVE-2024-38820 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2024-38820 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.2AI score0.00631EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 3:0 a.m.7 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

5.3CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/26 7:39 a.m.12 views

Security Bulletin: Vulnerability in IBM DevOps Solution Workbench

Summary The following vulnerability was addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent...

5.3CVSS6.3AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 2:13 a.m.14 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2024-38828,CVE-2024-38820)

Summary Spring MVC controller vulnerable to a DoS attack and DataBinder Case Sensitive Match Exception. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS...

5.3CVSS6.7AI score0.00729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:50 p.m.10 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. A vulnerability where the fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive, but String.toLowerCase has Locale-dependent exceptions that could potentially result in...

5.3CVSS6.2AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 11:15 a.m.11 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves case-sensitive patterns for disallowedFields on a DataBinder, meaning a field is not effectively protected unless it is listed with both upper and lower case for the first...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 3:13 p.m.12 views

Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233

Summary IBM Business Automation Workflow packages vulnerable copies of Spring framework. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptio...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3490

Malicious code in bioql PyPI...

3.7CVSS6.3AI score0.00379EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:20 p.m.8 views

Security Bulletin: Vulnerability in DataBinder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DataBinde has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

5.3CVSS6.5AI score0.05666EPSS
Exploits2Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-38820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that...

5.3CVSS6.7AI score0.05666EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/08 6:49 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...

5.3CVSS6.5AI score0.05666EPSS
Exploits2Affected Software1
OSV
OSV
added 2025/05/16 9:32 p.m.6 views

GHSA-4WP7-92PW-Q264 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS6.8AI score0.00351EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/05/16 9:32 p.m.20 views

Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

5.3CVSS6.8AI score0.00631EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2025/05/16 7:14 p.m.34 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS6.2AI score0.00351EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/05/16 7:14 p.m.37 views

CVE-2025-22233 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

3.1CVSS7.1AI score0.00351EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/05/15 12:0 a.m.14 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

5.3CVSS6.6AI score0.00631EPSS
Exploits1
Snyk
Snyk
added 2025/05/15 12:0 a.m.9 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to an incomplete fix for CVE-2024-38820, where it is still possible to bypass the disallowedFields checks. Note: This vulnerability was also fixed in commercial versions 6.0.28 and 5.3.43...

5.3CVSS7AI score0.00631EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 2:39 p.m.14 views

Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data

Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...

5.3CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/05 6:33 a.m.27 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-context-6.1.11.jar CVE-2024-38820

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-context-6.1.11.jar CVE-2024-38820. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker...

5.3CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:52 p.m.20 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to weak security in VMware Tanzu Spring [CVE-2024-38820]

Summary IBM Watson Speech Services Cartridge is vulnerable to weak security in VMware Tanzu Spring, caused by a flaw related to disallowedFields patterns and case insensitivity in DataBinder CVE-2024-38820. VMware Tanzu Spring is used in our Speech microservices. This vulnerabilitiy has been...

5.3CVSS6.2AI score0.00631EPSS
Exploits1Affected Software1
Rows per page
Query Builder