CVE-2024-38827
Date: 2025-01-12
Severity: Medium
CVSS Score: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
References:
Library: org.springframework.security:spring-security-* < 5.8.16
Description
CWE-639: Authorization Bypass Through User-Controlled Key
Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in authorization rules not working properly.
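The following is an added example, not code from the advisory, from Spring Security or from GovWay. It uses a hypothetical, simplified prefix matcher to show the mechanism behind the description: when the JVM default locale is Turkish, "I".toLowerCase() yields dotless "ı" (U+0131), so a rule that lower-cases a request path with the default locale fails to recognise "/ADMIN/users" as "/admin/...", while the same rule using Locale.ROOT still matches.

```java
import java.util.Locale;

// Added illustration of a locale-dependent case fold defeating an
// authorization rule. The matcher is hypothetical and deliberately simple.
public class LocaleCaseFoldDemo {

    // Weak form: folds case with the JVM default locale before comparing.
    static boolean weakMatches(String requestPath, String protectedPrefix) {
        return requestPath.toLowerCase().startsWith(protectedPrefix);
    }

    // Hardened form: folds case with a locale-independent conversion.
    static boolean safeMatches(String requestPath, String protectedPrefix) {
        return requestPath.toLowerCase(Locale.ROOT).startsWith(protectedPrefix);
    }

    public static void main(String[] args) {
        Locale original = Locale.getDefault();
        try {
            // Simulate a JVM whose default locale is Turkish.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));

            String protectedPrefix = "/admin";       // rule configured in lower case
            String requestPath = "/ADMIN/users";     // constructed sample request path

            System.out.println("default-locale fold: " + requestPath.toLowerCase());
            System.out.println("weak rule applies:   " + weakMatches(requestPath, protectedPrefix));
            System.out.println("safe rule applies:   " + safeMatches(requestPath, protectedPrefix));
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

The same divergence affects any comparison that case-folds user-controlled input (paths, role names, header values) without pinning the locale, which is why the fix is to compare with Locale.ROOT or a locale-independent equality rather than the process default.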
GovWay
Affected versions: <= 3.3.15.p2
Resolution: 3.3.16