CVE-2024-38829 – org.springframework.ldap:spring-ldap-core
Package
Manager: maven
Name: org.springframework.ldap:spring-ldap-core
Vulnerable Version: >=3.0.0 <3.2.8 || >=0 <2.4.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00092 (percentile 0.26866)
Details
Spring LDAP data exposure vulnerability
A vulnerability in Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The use of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in unintended columns being queried. Related to CVE-2024-38820: https://spring.io/security/cve-2024-38820
Metadata
Created: 2024-12-04T21:30:52Z
Modified: 2024-12-10T16:29:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-mqvr-2rp8-j7h4/GHSA-mqvr-2rp8-j7h4.json
CWE IDs: ["CWE-178"]
Alternative ID: GHSA-mqvr-2rp8-j7h4
Finding: F113
Auto approve: 1