Authorization Rules May Not Work Properly Due to Locale-Dependent Exceptions in Java
CVE-2024-38827
4.8 MEDIUM
Key Information:
- Vendor: Spring by VMware Tanzu
- Product: Spring Security
- CVE Published: 2 December 2024
Summary
The use of String.toLowerCase() and String.toUpperCase() without an explicit Locale is subject to locale-dependent exceptions (the JVM's default locale decides how characters are case-converted), which could result in authorization rules not working properly.
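An added illustration of the mechanism described above, not Spring Security's own code: a case-insensitive authority check that uses the JVM default locale, beside the same check pinned to Locale.ROOT. The Turkish locale is the classic case, because there the letter I is case-converted with and without a dot; the class and method names here are assumptions for the demo.

```java
import java.util.Locale;

// Constructed demo: the same case-insensitive comparison with and without
// an explicit Locale. Run it on a JVM whose default locale is tr-TR
// (simulated below) to see the default-locale variant fail.
public class LocaleCaseDemo {

    // Weak pattern: default-locale case folding. Under a Turkish locale,
    // "ADMIN".toLowerCase() yields "admın" (dotless i, U+0131) while
    // "admin".toLowerCase() stays "admin", so a rule that should match
    // silently does not.
    static boolean hasAuthorityDefaultLocale(String granted, String required) {
        return granted.toLowerCase().equals(required.toLowerCase());
    }

    // Hardened pattern: Locale.ROOT makes the conversion independent of
    // the machine's locale. String.equalsIgnoreCase(String) is another
    // locale-independent option for ASCII-only authority names.
    static boolean hasAuthorityRootLocale(String granted, String required) {
        return granted.toLowerCase(Locale.ROOT)
                      .equals(required.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        Locale original = Locale.getDefault();
        try {
            // Simulate a deployment whose JVM default locale is Turkish.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            System.out.println("Default locale " + Locale.getDefault() + ":");
            System.out.println("  default-locale check: "
                    + hasAuthorityDefaultLocale("ADMIN", "admin"));
            System.out.println("  Locale.ROOT check:    "
                    + hasAuthorityRootLocale("ADMIN", "admin"));
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

Auditing for this class of bug means searching application and library code for toLowerCase()/toUpperCase() calls with no Locale argument on any value that feeds an authorization decision.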
Affected Version(s)
Spring Security 5.7.0 - 5.7.13, 5.8.0 - 5.8.15, 6.0.0 - 6.0.13, 6.1.0 - 6.1.11, 6.2.0 - 6.2.7, 6.3.0 - 6.3.4; older unsupported versions are also affected.
CVSS v3.1
- Score: 4.8
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
- Vulnerability published
- Vulnerability reserved