{"vulnerability": "CVE-2024-3880", "sightings": [{"uuid": "2cd4cac8-4f90-445f-9843-7633a5a683e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38809", "type": "seen", "source": "https://t.me/cvedetector/6564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38809 - Apache ETags Header Replay Denial Of Service\", \n  \"Content\": \"CVE ID : CVE-2024-38809 \nPublished : Sept. 27, 2024, 5:15 p.m. | 43\u00a0minutes ago \nDescription : Applications that parse ETags from \"If-Match\" or \"If-None-Match\" request headers are vulnerable to DoS attack.  \n  \nUsers of affected versions should upgrade to the corresponding fixed version.  \n  \nUsers of older, unsupported versions could enforce a size limit on \"If-Match\" and \"If-None-Match\" headers, e.g. through a Filter. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T20:05:03.000000Z"}, {"uuid": "0434cd65-d9fe-408d-b038-4a4bdc919bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38808", "type": "seen", "source": "https://t.me/cvedetector/3606", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38808 - Apache Spring Framework SpEL Evaluation Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-38808 \nPublished : Aug. 20, 2024, 8:15 a.m. | 40\u00a0minutes ago \nDescription : In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.  \n  \nSpecifically, an application is vulnerable when the following is true:  \n  \n  *  The application evaluates user-supplied SpEL expressions. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-20T11:16:31.000000Z"}, {"uuid": "a86dcd1f-5991-462b-b756-e8bba5d2bb78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38807", "type": "seen", "source": "https://t.me/cvedetector/3981", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38807 - Apache Spring Boot Signature Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38807 \nPublished : Aug. 23, 2024, 9:15 a.m. | 38\u00a0minutes ago \nDescription : Applications that use spring-boot-loader\u00a0or spring-boot-loader-classic\u00a0and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-23T12:06:47.000000Z"}, {"uuid": "1f0fa107-5d16-4a2c-8a98-e78cc1f7aa8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38806", "type": "seen", "source": "https://t.me/cvedetector/1176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38806 - Cloud Foundry UAA Permission Synchronization Vulnerability (Privilege Escalation)\", \n  \"Content\": \"CVE ID : CVE-2024-38806 \nPublished : July 18, 2024, 7:15 p.m. | 32\u00a0minutes ago \nDescription : Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation  v40.17.0  ,  \n potentially resulting in users retaining access rights they should not   \nhave.  This can allow them to perform operations beyond their intended   \npermissions. \nSeverity: 3.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T21:48:49.000000Z"}]}