7 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-38807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be...
CVE-2024-38807
creationtimestamp| type| source ---|---|--- 2024-08-23 12:06:47+00:00| seen| https://t.me/cvedetector/3981...
com.alipay.sofa.koupleless:arklet-springboot-starter (>=1.0.0 <=1.4.2), com.alipay.sofa.koupleless:koupleless-base-starter (>=1.0.0 <=1.4.2) +84 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=2.7.0 <=2.7.2)
org.springframework.boot:spring-boot-loader MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.5.1, =0.5.1, =2.2.4, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2024-38807 Source advisory:...
com.wizzdi:FlexiCore (=7.0.0), org.springframework.boot:spring-boot-jarmode-layertools (>=3.0.0 <=3.0.13) +2 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.0.0 <=3.0.13)
org.springframework.boot:spring-boot-loader MAVEN version =3.0.0, =3.0.0, =4.0.0, =4.0.0, =4.0.6 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...
io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.0 <=0.4.14), io.zipkin:zipkin-server (>=3.0.0 <=3.3.0) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.2.0 <=3.2.8)
org.springframework.boot:spring-boot-loader-classic MAVEN version =3.2.0, =0.4.0, =3.0.0, =3.2.0, =4.1.0, =4.1.0, =4.1.5 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...
CVE-2024-38807
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...
CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...