38 matches found
EUVD-2024-3490
Malicious code in bioql PyPI...
EUVD-2022-4787
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-38829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through...
Sensitive Information Exposure
org.springframework.ldap:spring-ldap-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of case conversions using String.toLowerCase and String.toUpperCase methods, which can have locale-dependent exceptions. This may lead to unintended columns bei...
CVE-2024-38829
A flaw was found in Spring LDAP. The usage of String.toLowerCase and String.toUpperCase has some locale dependent exceptions that could result in unintended columns being queried...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), cc.chensoul.nacos:core-test (=2.5.2) +866 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=1.3.0.RELEASE <=2.4.2)
org.springframework.ldap:spring-ldap-core MAVEN version =1.3.0.RELEASE, =0.3.3, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...
cc.zzzyu.nacos:default-auth-plugin (=3.1.1), cc.zzzyu.nacos:nacos-console (=3.1.1) +139 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=3.0.0 <=3.2.7)
org.springframework.ldap:spring-ldap-core MAVEN version =3.0.0, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.11.5 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...
GHSA-MQVR-2RP8-J7H4 Spring LDAP data exposure vulnerability
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
Spring LDAP data exposure vulnerability
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
DEBIAN-CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
UBUNTU-CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
CVE-2024-38829 is described as a vulnerability in Spring LDAP that enables data exposure due to case-sensitive comparisons. The issue affects Spring LDAP versions ranging from the earliest releases up to 2.4.3, and then 3.0.0–3.0.9, 3.1.0–3.1.7, and 3.2.0–3.2.7, including all versions prior to 2....
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
VMware Tanzu Spring LDAP 安全漏洞
VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...
PT-2024-9997 · Spring +1 · Spring Ldap +1
Name of the Vulnerable Software and Affected Versions: Spring LDAP versions 2.4.0 through 2.4.3 Spring LDAP versions 3.0.0 through 3.2.7 Description: The issue is related to insufficient case sensitivity checking in the String.toLowerCase and String.toUpperCase functions of the Spring LDAP projec...
This Week in Spring - November 19th, 2024
Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...
This Week in Spring - February 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! good news everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...