CVE-2024-38829

Summary

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

Affected Software

VendorProductVersion RangeStatus
SpringSpring LDAP2.4.0 <= 2.4.3affected
SpringSpring LDAP3.0.0 <= 3.0.9affected
SpringSpring LDAP3.1.0 <= 3.1.7affected
SpringSpring LDAP3.2.0 <= 3.2.7affected
SpringSpring LDAP0 <= 2.4.0affected

Weaknesses

  • CWE-178: CWE-178

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References