CVE-2024-38827: Spring Framework has Authorization Bypass for Case Sensitive Comparisons
String.toLowerCase() and String.toUpperCase() called without an explicit Locale fold case according to the JVM's default locale, and a few locales (Turkish is the well-known case, where 'I' does not map to 'i') convert characters differently from English. A case-insensitive authorization rule built on those calls can therefore fail to match the request it was meant to cover, which can result in an authorization bypass.
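The following is an added illustration, not code from Spring Framework or from the advisory. It assumes a hypothetical rule that protects any path starting with "/admin", compared case-insensitively, and simulates a JVM whose default locale is Turkish. The vulnerable check uses the default-locale toLowerCase(); the hardened checks pass Locale.ROOT or use regionMatches(ignoreCase), which does not depend on the locale at all.

```java
import java.util.Locale;

/**
 * Added example (not Spring's own code): default-locale case folding versus
 * locale-independent folding in a hypothetical path-based authorization rule.
 */
public class LocaleCaseFolding {

    // Hypothetical rule for illustration: everything under /admin is protected.
    static final String PROTECTED_PREFIX = "/admin";

    /** Vulnerable check: folds case with the JVM default locale. */
    static boolean isProtectedVulnerable(String path) {
        return path.toLowerCase().startsWith(PROTECTED_PREFIX);
    }

    /** Hardened check: Locale.ROOT gives the same mapping on every JVM. */
    static boolean isProtectedFixed(String path) {
        return path.toLowerCase(Locale.ROOT).startsWith(PROTECTED_PREFIX);
    }

    /** Alternative hardened check: per-character ignore-case compare, no locale involved. */
    static boolean isProtectedRegionMatches(String path) {
        return path.regionMatches(true, 0, PROTECTED_PREFIX, 0, PROTECTED_PREFIX.length());
    }

    public static void main(String[] args) {
        // Constructed sample request path an attacker might send to reach the protected area.
        String attackerPath = "/ADMIN/users";

        Locale original = Locale.getDefault();
        try {
            // Simulate a JVM started with a Turkish default locale (e.g. -Duser.language=tr).
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));

            // Under the Turkish locale, 'I' lower-cases to dotless i (U+0131), so the
            // folded path no longer starts with "/admin" and the vulnerable rule fails open.
            System.out.println("folded path      : " + attackerPath.toLowerCase());
            System.out.println("vulnerable check : " + isProtectedVulnerable(attackerPath));
            System.out.println("Locale.ROOT check: " + isProtectedFixed(attackerPath));
            System.out.println("regionMatches    : " + isProtectedRegionMatches(attackerPath));
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

Run it with any locale configured; the vulnerable check disagrees with the two hardened checks only when the default locale applies a non-English mapping, which is exactly what makes the bug easy to miss in testing on an English-locale JVM. When auditing code for this pattern, search for toLowerCase() and toUpperCase() calls with no Locale argument on any value that feeds a security comparison.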
References
- github.com/advisories/GHSA-q3v6-hm2v-pw99
- github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
- github.com/spring-projects/spring-framework/issues/33708
- github.com/spring-projects/spring-framework/issues/34232
- github.com/spring-projects/spring-security
- nvd.nist.gov/vuln/detail/CVE-2024-38827
- spring.io/security/cve-2024-38827