CVE-2024-38829
CVSS 3.1 Score 3.7 of 10 (low)
Details
Summary
CVE-2024-38829 is a vulnerability affecting multiple versions of Spring LDAP, including 2.4.0 and later, 3.0.0 and later, and all versions prior to 2.4.0. The issue arises because String.toLowerCase() and String.toUpperCase(), which are used when handling String comparisons, have locale-dependent exceptions to their usual case mapping. These exceptions may lead to unintended columns being queried, potentially exposing sensitive data. This vulnerability shares similarities with CVE-2024-38820, but the specific impact and exploitation methods differ. Spring LDAP users are advised to upgrade to the latest patched version to mitigate this risk.
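The locale dependence described above can be checked on any JVM with the following added example, which is not Spring LDAP code and is not taken from the advisory. The class name, the helper methods and the attribute names are constructed for illustration; the example compares a case-insensitive name match done with the default locale against one done with Locale.ROOT, using Turkish (tr-TR) as the locale in which uppercase I lowercases to dotless ı.

```java
import java.util.List;
import java.util.Locale;

public class LocaleCaseDemo {
    // Constructed sample input: attribute names in the spelling a caller might send.
    static final List<String> REQUESTED = List.of("UID", "TITLE", "MAIL", "CN");
    // Constructed canonical names the comparison is meant to match.
    static final List<String> CANONICAL = List.of("uid", "title", "mail", "cn");

    // Locale-sensitive: toLowerCase() with no argument uses the JVM default locale.
    static boolean matchesDefault(String requested, String canonical) {
        return requested.toLowerCase().equals(canonical);
    }

    // Locale-independent: Locale.ROOT applies the same mapping on every host.
    static boolean matchesRoot(String requested, String canonical) {
        return requested.toLowerCase(Locale.ROOT).equals(canonical);
    }

    // Runs both comparisons with the given locale installed as the JVM default,
    // then restores the previous default.
    static void report(Locale jvmDefault) {
        Locale saved = Locale.getDefault();
        Locale.setDefault(jvmDefault);
        try {
            System.out.println("default locale = " + jvmDefault.toLanguageTag());
            for (int i = 0; i < REQUESTED.size(); i++) {
                String req = REQUESTED.get(i);
                String canon = CANONICAL.get(i);
                System.out.printf("  %-5s -> %-5s default=%-5b root=%b%n",
                        req, req.toLowerCase(),
                        matchesDefault(req, canon), matchesRoot(req, canon));
            }
        } finally {
            Locale.setDefault(saved);
        }
    }

    public static void main(String[] args) {
        report(Locale.ENGLISH);
        report(Locale.forLanguageTag("tr-TR"));
    }
}
```

Names containing the letter I stop matching when the default locale is Turkish, while the Locale.ROOT comparison gives the same answer under both locales. The same review applies to any application code that calls toLowerCase() or toUpperCase() without a Locale argument on names used for lookups or comparisons.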