Vulnerable Library - spring-context-6.0.11.jar
Spring Context
Library home page: https://spring.io/projects/spring-framework
Path to dependency file: /web/springboot/springboot-war/pom.xml
Path to vulnerable library: /web/springboot/springboot-war/pom.xml
Found in HEAD commit: 36f898da249795a00b3ab9ebfe657c2ebe8b1711
Vulnerabilities
| CVE |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (spring-context version) |
Remediation Possible** |
| CVE-2024-38820 |
 Low |
3.1 |
spring-context-6.0.11.jar |
Direct |
org.springframework:spring-context:6.1.14 |
✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-38820
Vulnerable Library - spring-context-6.0.11.jar
Spring Context
Library home page: https://spring.io/projects/spring-framework
Path to dependency file: /web/springboot/springboot-war/pom.xml
Path to vulnerable library: /web/springboot/springboot-war/pom.xml
Dependency Hierarchy:
- ❌ spring-context-6.0.11.jar (Vulnerable Library)
Found in HEAD commit: 36f898da249795a00b3ab9ebfe657c2ebe8b1711
Found in base branch: 11.1.1
Vulnerability Details
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Publish Date: 2024-10-18
URL: CVE-2024-38820
CVSS 3 Score Details (3.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38820
Release Date: 2024-10-18
Fix Resolution: org.springframework:spring-context:6.1.14
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Spring Context
Library home page: https://spring.io/projects/spring-framework
Path to dependency file: /web/springboot/springboot-war/pom.xml
Path to vulnerable library: /web/springboot/springboot-war/pom.xml
Found in HEAD commit: 36f898da249795a00b3ab9ebfe657c2ebe8b1711
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - spring-context-6.0.11.jar
Spring Context
Library home page: https://spring.io/projects/spring-framework
Path to dependency file: /web/springboot/springboot-war/pom.xml
Path to vulnerable library: /web/springboot/springboot-war/pom.xml
Dependency Hierarchy:
Found in HEAD commit: 36f898da249795a00b3ab9ebfe657c2ebe8b1711
Found in base branch: 11.1.1
Vulnerability Details
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Publish Date: 2024-10-18
URL: CVE-2024-38820
CVSS 3 Score Details (3.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38820
Release Date: 2024-10-18
Fix Resolution: org.springframework:spring-context:6.1.14
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.