
6593 matches found

F5 Networks
added 2024/12/12 4:11 a.m., 14 views

K000148958: Spring WebFlux vulnerability CVE-2024-38821

Security Advisory Description: Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application. It must be using Spring's...

9.1 CVSS, 6.8 AI score, 0.1309 EPSS
Exploits: 2

Spring Engineering
added 2024/12/12 12:0 a.m., 10 views

A Bootiful Podcast: the amazing K. Siva Prasad Reddy (SivaLabs)

Hi, Spring fans! In today's installment I talk to industry legend K. Siva Prasad Reddy @sivalabs. You've probably read one of his blogs. I know I have!...

7.1 AI score
Exploits: 0

Spring Engineering
added 2024/12/12 12:0 a.m., 3 views

A Bootiful Podcast: Intact's Luke Shannon

Hi, Spring fans! And happy holidays! In this installment I talk to Intact's Luke Shannon about their use of Spring, developer portals, and so much more...

7.1 AI score
Exploits: 0

Spring Engineering
added 2024/12/11 12:0 a.m., 32 views

Announcing Spring AI MCP: A Java SDK for the Model Context Protocol

We're excited to introduce Spring AI MCP, a robust Java SDK implementation of the Model Context Protocol (MCP). This new addition to the Spring AI ecosystem brings standardized AI model integration capabilities to the Java platform. What is MCP? The Model Context Protocol (MCP) is an open protocol th...

7 AI score
Exploits: 0

Spring Engineering
added 2024/12/10 12:0 a.m., 13 views

Introducing Spring AI Amazon Bedrock Nova Integration via Converse API

The Amazon Bedrock Nova models represent a new generation of foundation models supporting a broad range of use cases, from text and image understanding to video-to-text analysis. With the Spring AI Bedrock Converse API integration, developers can seamlessly connect to these advanced Nova models a...

7.3 AI score
Exploits: 0

Spring Engineering
added 2024/12/10 12:0 a.m., 4 views

This Week in Spring - December 10th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in the southern hemisphere (it's summer down here!), in Brisbane, waiting to board a plane for Sydney. It's been a ton of fun! I did a video looking at the latest-and-greatest in Spring Framework 6.2 - chec...

7.1 AI score
Exploits: 0

Spring Engineering
added 2024/12/05 12:0 a.m., 24 views

A Bootiful Podcast: Spring Security lead Rob Winch on the amazing Spring Security 6.4 release

Hi, Spring fans! In this installment, we'll talk to the amazing Rob Winch, lead of Spring Security 6.4, about the jam-packed new release! spring springboot security java...

7.1 AI score
Exploits: 0

RedhatCVE
added 2024/12/04 11:12 p.m., 24 views

CVE-2024-38829

A flaw was found in Spring LDAP. The usage of String.toLowerCase and String.toUpperCase has some locale dependent exceptions that could result in unintended columns being queried...

3.7 CVSS, 6.6 AI score, 0.00132 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2024/12/04 9:30 p.m., 3 views

be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), cc.chensoul.nacos:core-test (=2.5.2) +866 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=1.3.0.RELEASE <=2.4.2)

org.springframework.ldap:spring-ldap-core MAVEN version =1.3.0.RELEASE, =0.3.3, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...

3.7 CVSS, 5.8 AI score, 0.00132 EPSS
Exploits: 0

vulnersOsv
added 2024/12/04 9:30 p.m., 4 views

cc.zzzyu.nacos:default-auth-plugin (=3.1.1), cc.zzzyu.nacos:nacos-console (=3.1.1) +139 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=3.0.0 <=3.2.7)

org.springframework.ldap:spring-ldap-core MAVEN version =3.0.0, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.11.5 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...

3.7 CVSS, 5.8 AI score, 0.00132 EPSS
Exploits: 0

OSV
added 2024/12/04 9:30 p.m., 0 views

GHSA-MQVR-2RP8-J7H4 Spring LDAP data exposure vulnerability

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

6.3 CVSS, 6.8 AI score, 0.00132 EPSS
Exploits: 0, References: 3

GitHub Security Blog
added 2024/12/04 9:30 p.m., 25 views

Spring LDAP data exposure vulnerability

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 3.8 AI score, 0.00132 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/12/04 9:15 p.m., 4 views

DEBIAN-CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 4.9 AI score, 0.00132 EPSS
Exploits: 0, References: 1

NVD
added 2024/12/04 9:15 p.m., 39 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 0.00132 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/04 9:15 p.m., 18 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 6.5 AI score, 0.00132 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/04 9:15 p.m., 0 views

UBUNTU-CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 6.5 AI score, 0.00132 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/12/04 9:6 p.m., 32 views

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 0.00132 EPSS
Exploits: 0, References: 1

CVE
added 2024/12/04 9:6 p.m., 322 views

CVE-2024-38829

CVE-2024-38829 is described as a vulnerability in Spring LDAP that enables data exposure due to case-sensitive comparisons. The issue affects Spring LDAP versions ranging from the earliest releases up to 2.4.3, and then 3.0.0–3.0.9, 3.1.0–3.1.7, and 3.2.0–3.2.7, including all versions prior to 2....

3.7 CVSS, 3.8 AI score, 0.00132 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/12/04 9:6 p.m., 19 views

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 3.8 AI score, 0.00132 EPSS
Exploits: 0, References: 1

Debian CVE
added 2024/12/04 9:6 p.m., 24 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7 CVSS, 4.9 AI score, 0.00132 EPSS
Exploits: 0