Lucene search
K

206 matches found

OSV
OSV
added 2025/08/29 6:55 p.m.3 views

MAL-2025-41953 Malicious code in case-sensitive-paths (npm)

The package case-sensitive-paths was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References2
OSV
OSV
added 2025/08/01 1:3 p.m.7 views

OESA-2025-1938 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5CVSS6.7AI score0.00652EPSS
Exploits3References4
OSV
OSV
added 2025/07/02 4:59 a.m.6 views

USN-7612-1 python-flask-cors vulnerabilities

It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...

7.5CVSS6.8AI score0.00677EPSS
Exploits5References6
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.6 views

Apache Tomcat 安全漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. A security bypass vulnerability exists in Apache Tomcat due to improper handling of a case-sensitive vulnerability in the GCI servle...

7.3CVSS6.5AI score0.02736EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/05/16 9:32 p.m.20 views

Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

5.3CVSS6.8AI score0.00631EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2024/12/04 9:15 p.m.59 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00379EPSS
Exploits0References1
OSV
OSV
added 2024/12/04 9:15 p.m.21 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS6.5AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/04 9:6 p.m.23 views

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS3.8AI score0.00379EPSS
Exploits0References1
CVE
CVE
added 2024/12/04 9:6 p.m.326 views

CVE-2024-38829

CVE-2024-38829 is described as a vulnerability in Spring LDAP that enables data exposure due to case-sensitive comparisons. The issue affects Spring LDAP versions ranging from the earliest releases up to 2.4.3, and then 3.0.0–3.0.9, 3.1.0–3.1.7, and 3.2.0–3.2.7, including all versions prior to 2....

3.7CVSS3.8AI score0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/04 9:6 p.m.36 views

CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00379EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/12/04 9:6 p.m.25 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS4.9AI score0.00379EPSS
Exploits0
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.5 views

VMware Tanzu Spring LDAP 安全漏洞

VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/02 3:31 p.m.112 views

Spring Framework has Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.8AI score0.00385EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2024/12/02 2:32 p.m.51 views

CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS0.00385EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/10/22 12:0 a.m.58 views

VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Linux

The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.9AI score0.54862EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2024/10/22 12:0 a.m.39 views

VMware Spring Framework 5.3.0 < 5.3.41, 6.0.x < 6.0.25, 6.1.x < 6.1.14 Multiple Vulnerabilities - Windows

The VMware Spring Framework is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.9AI score0.54862EPSS
Exploits7References4
Github Security Blog
Github Security Blog
added 2024/10/18 6:30 a.m.158 views

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS6.6AI score0.00631EPSS
Exploits1References6Affected Software2
CVE
CVE
added 2024/10/18 5:39 a.m.441 views

CVE-2024-38820

The CVE-2024-38820 issue concerns Spring Framework DataBinder: lowercase conversion for disallowedFields and request parameter names was made locale-independent, but locale-dependent edge cases in String.toLowerCase() can still bypass the checks. Affected products/versions from linked advisories ...

5.3CVSS3.9AI score0.00631EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/10/18 5:39 a.m.55 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS0.00631EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/18 5:39 a.m.34 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS6.7AI score0.00631EPSS
Exploits1References1
Rows per page
Query Builder