Fluid Attacks Database

Description

Spring MVC controller vulnerable to a DoS attack Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libspring-java	=4.3.30-3 \|\| =4.3.30-4	-
debian 12	libspring-java	=4.3.30-2 \|\| =4.3.30-3 \|\| =4.3.30-4	-
debian 14	libspring-java	=4.3.30-3 \|\| =4.3.30-4	-
debian 11	libspring-java	=4.3.30-1 \|\| =4.3.30-2 \|\| =4.3.30-3 \|\| =4.3.30-4	-
maven	org.springframework:spring-webmvc	>=5.3.0 <5.3.42	5.3.42

Aliases

1. CVE-2024-388282. NVD-2024-388283. OSV-DEBIAN-2024-388284. OSV-2024-388285. GCVE-2024-388286. SECURITY-TRACKER-CVE-2024-38828

References

1. https://github.com/First-Roman/sprig-mvc-demo-patch2. https://security.netapp.com/advisory/ntap-20250509-00093. https://spring.io/security/cve-2024-38828