{"vulnerability": "CVE-2024-3882", "sightings": [{"uuid": "25bcb847-ec9c-4429-baf2-00214bd15813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "8ef3179e-6ae2-42ba-9d27-75d713d75f20", "vulnerability": "CVE-2024-38820", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-18T12:33:06.392446Z"}, {"uuid": "ba5301af-2dee-49b4-afb3-e9f790ad0dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-38826", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113462701476514117", "content": "", "creation_timestamp": "2024-11-11T05:37:35.849240Z"}, {"uuid": "068a3a43-c362-4cc6-a1c1-3ad493fb7b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-38829", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113596625680492138", "content": "", "creation_timestamp": "2024-12-04T21:15:49.857108Z"}, {"uuid": "0d48e993-da2f-4628-a0ed-aae340a178c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-38820", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113596625680492138", "content": "", "creation_timestamp": "2024-12-04T21:15:49.897258Z"}, {"uuid": "c77fde33-c071-460e-b011-5ca9d61af758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113877916793081869", "content": "", "creation_timestamp": "2025-01-23T13:31:51.936172Z"}, {"uuid": "4431f3d1-393a-4258-9152-6d084298a169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2024-38824", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhyaocs5ix2", "content": "", "creation_timestamp": "2025-06-13T08:08:43.764973Z"}, {"uuid": "3fc18f93-3a10-4fc6-b4d8-c809fe1da3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38823", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhubsb4puj2", "content": "", "creation_timestamp": "2025-06-13T06:57:50.826126Z"}, {"uuid": "0bf8d0ef-45cd-449c-a38e-f3219c605656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38825", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhubrvh2j72", "content": "", "creation_timestamp": "2025-06-13T06:57:51.377194Z"}, {"uuid": "a832b3c9-b55f-46bb-9d9e-9d4930a0ce5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38822", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhuc33qatx2", "content": "", "creation_timestamp": "2025-06-13T06:58:11.468688Z"}, {"uuid": "0d171afb-38a8-4a9b-93ae-0f6ca44b9e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38822", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lridxxt4m22s", "content": "", "creation_timestamp": "2025-06-13T11:38:24.971948Z"}, {"uuid": "503524d2-973f-46e6-be76-37524f992912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38825", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriciqsszx2m", "content": "", "creation_timestamp": "2025-06-13T11:12:00.376157Z"}, {"uuid": "5f795421-0f87-4c11-b763-616eddf962bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38824", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ls5w6yvu4225", "content": "", "creation_timestamp": "2025-06-22T01:30:23.222411Z"}, {"uuid": "c0cb4fbc-be0f-4fd6-9843-fb2743611236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38824", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lriffaqins2q", "content": "", "creation_timestamp": "2025-06-13T12:03:44.142669Z"}, {"uuid": "233e01fa-c0b9-4d86-a4cd-c4e5c8329635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38823", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrifo75xtp2r", "content": "", "creation_timestamp": "2025-06-13T12:08:44.444396Z"}, {"uuid": "2c941c10-a3e6-40f0-ad41-26d4f407944f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38820", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2pk24yreb2i", "content": "", "creation_timestamp": "2025-10-08T21:02:25.552809Z"}, {"uuid": "9da9fd59-ff2b-47b6-b43b-c9a07c5d31a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", 
"creation_timestamp": "2025-09-01T19:03:03.000000Z"}, {"uuid": "b36b2fa0-792f-4dcb-b9d9-601c3f5f594e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38828", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15839", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38828\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Spring MVC controller methods with an @RequestBody byte[]\u00a0method parameter are vulnerable to a DoS attack.\n\ud83d\udccf Published: 2024-11-18T03:45:46.542Z\n\ud83d\udccf Modified: 2025-05-09T20:03:35.921Z\n\ud83d\udd17 References:\n1. https://spring.io/security/cve-2024-38828", "creation_timestamp": "2025-05-09T20:26:15.000000Z"}, {"uuid": "d2d887ab-3462-4e22-8e5c-7c7d5c4b7304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38824", "type": "seen", "source": "Telegram/sBDh5C1zdFlaWSlBVyrMdS-46U_0ME-q4bAhLyd2EZru7fQ", "content": "", "creation_timestamp": "2025-06-13T07:34:25.000000Z"}, {"uuid": "920e9a9b-fe74-4d6e-835c-1f93a8c5351b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38824", "type": "seen", "source": "Telegram/HBqiitmPFPjCzeybdb4cPLxpUKa0lObpbFXMgDMnK3LlfUI", "content": "", "creation_timestamp": "2025-06-13T09:23:06.000000Z"}, {"uuid": "9313dce0-cc53-4511-b333-03f40a7ac91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38820", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16737", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: 
CVE-2025-22233\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\n\nAffected Spring Products and Versions\n\nSpring Framework:\n  *  6.2.0 - 6.2.6\n\n  *  6.1.0 - 6.1.19\n\n  *  6.0.0 - 6.0.27\n\n  *  5.3.0 - 5.3.42\n  *  Older, unsupported versions are also affected\n\n\n\nMitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix Version\u00a0Availability\u00a06.2.x\n 6.2.7\nOSS6.1.x\n 6.1.20\nOSS6.0.x\n 6.0.28\n Commercial https://enterprise.spring.io/ 5.3.x\n 5.3.43\n Commercial https://enterprise.spring.io/ \nNo further mitigation steps are necessary.\n\n\nGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\n\nFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\n\nCredit\n\nThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.\n\ud83d\udccf Published: 2025-05-16T19:14:07.500Z\n\ud83d\udccf Modified: 2025-05-16T19:14:07.500Z\n\ud83d\udd17 References:\n1. 
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N&version=3.1", "creation_timestamp": "2025-05-16T19:34:36.000000Z"}, {"uuid": "4eac00e7-c481-45ab-89bc-fe6c7200006e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38823", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18279", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38823\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.\n\ud83d\udccf Published: 2025-06-13T06:41:26.536Z\n\ud83d\udccf Modified: 2025-06-13T06:41:26.536Z\n\ud83d\udd17 References:\n1. https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\n2. https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "creation_timestamp": "2025-06-13T07:33:21.000000Z"}, {"uuid": "bd1330ef-af7d-4f07-9505-2fee2a73b007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38825", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38825\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The salt.auth.pki module does not properly authenticate callers. The \"password\" field contains a public certificate which is validated against a CA certificate by the module. 
This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.\n\ud83d\udccf Published: 2025-06-13T06:46:12.145Z\n\ud83d\udccf Modified: 2025-06-13T06:46:12.145Z\n\ud83d\udd17 References:\n1. https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\n2. https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "creation_timestamp": "2025-06-13T07:33:20.000000Z"}, {"uuid": "5f85fe8d-845d-4c98-bd16-ae48bb0fe2e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38829", "type": "seen", "source": "https://t.me/cvedetector/12032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38829 - A vulnerability in VMware Tanzu Spring LDAP allows\", \n  \"Content\": \"CVE ID : CVE-2024-38829 \nPublished : Dec. 4, 2024, 9:15 p.m. | 43\u00a0minutes ago \nDescription : A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.  
\n  \nThe usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried  \nRelated to  CVE-2024-38820  \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T23:27:32.000000Z"}, {"uuid": "1085549a-6d15-4224-8e37-cff270dc7f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38822", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18281", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38822\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.\n\ud83d\udccf Published: 2025-06-13T06:40:41.885Z\n\ud83d\udccf Modified: 2025-06-13T06:40:41.885Z\n\ud83d\udd17 References:\n1. https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\n2. 
https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "creation_timestamp": "2025-06-13T07:33:23.000000Z"}, {"uuid": "f81d1c82-6a89-49c7-9eae-669030bb45f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38824", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18270", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-38824\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.\n\ud83d\udccf Published: 2025-06-13T07:10:31.166Z\n\ud83d\udccf Modified: 2025-06-13T07:10:31.166Z\n\ud83d\udd17 References:\n1. https://docs.saltproject.io/en/3006/topics/releases/3006.12.html\n2. https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "creation_timestamp": "2025-06-13T07:33:07.000000Z"}, {"uuid": "80f0eed7-813f-4a78-b61e-1458127471fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/CyberBulletin/1305", "content": "\u26a1\ufe0fCVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applications.\n\n#CyberBulletin", "creation_timestamp": "2024-10-29T05:03:03.000000Z"}, {"uuid": "f75a55b7-cac9-427b-9d24-86b3f2bb17bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38828", "type": "seen", "source": "https://t.me/cvedetector/11277", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38828 - Apache Spring byte Array Request Body Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-38828 \nPublished : Nov. 
18, 2024, 4:15 a.m. | 24\u00a0minutes ago \nDescription : Spring MVC controller methods with an @RequestBody byte[]\u00a0method parameter are vulnerable to a DoS attack. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T05:40:29.000000Z"}, {"uuid": "75e92020-7d24-4469-8d2c-d320d21d9ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38827", "type": "seen", "source": "https://t.me/cvedetector/11790", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38827 - The usage of String.toLowerCase()\u00a0and String.toUpp\", \n  \"Content\": \"CVE ID : CVE-2024-38827 \nPublished : Dec. 2, 2024, 3:15 p.m. | 43\u00a0minutes ago \nDescription : The usage of String.toLowerCase()\u00a0and String.toUpperCase()\u00a0has some Locale\u00a0dependent exceptions that could potentially result in authorization rules not working properly. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T17:05:09.000000Z"}, {"uuid": "0b300989-1bb4-482e-810d-858fa2c2fd0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38820", "type": "seen", "source": "https://t.me/cvedetector/12032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38829 - A vulnerability in VMware Tanzu Spring LDAP allows\", \n  \"Content\": \"CVE ID : CVE-2024-38829 \nPublished : Dec. 4, 2024, 9:15 p.m. 
| 43\u00a0minutes ago \nDescription : A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.  \n  \nThe usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried  \nRelated to  CVE-2024-38820  \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T23:27:32.000000Z"}, {"uuid": "420e0323-3ebb-4455-86e7-04ce0f61fd59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/cvedetector/9093", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38821 - Spring WebFlux: Bypassing Spring Security Authorization Rules on Static Resources\", \n  \"Content\": \"CVE ID : CVE-2024-38821 \nPublished : Oct. 28, 2024, 7:15 a.m. | 44\u00a0minutes ago \nDescription : Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.  
\n  \nFor this to impact an application, all of the following must be true:  \n  \n  *  It must be a WebFlux application  \n  *  It must be using Spring's static resources support  \n  *  It must have a non-permitAll authorization rule applied to the static resources support \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T09:28:03.000000Z"}, {"uuid": "15888016-50d4-4561-ad30-d19ac35d2d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38826", "type": "seen", "source": "https://t.me/cvedetector/10461", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38826 - Cloud Foundry Cloud Controller File Upload DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38826 \nPublished : Nov. 11, 2024, 6:15 a.m. | 25\u00a0minutes ago \nDescription : Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.  \n  \nThe Cloud Foundry project recommends upgrading the following releases:  \n  \n  *  Upgrade capi release version to 1.194.0 or greater  \n  *  Upgrade cf-deployment version to v44.1.0 or greater. 
This includes a patched capi release \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T07:44:13.000000Z"}, {"uuid": "47e9f8b8-01ef-4242-b835-a346c75936a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38820", "type": "seen", "source": "https://t.me/cvedetector/8293", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38820 - Apache Struts Case Insensitive Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-38820 \nPublished : Oct. 18, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The fix for CVE-2022-22968 made disallowedFields\u00a0patterns in DataBinder\u00a0case insensitive. However, String.toLowerCase()\u00a0has some Locale dependent exceptions that could potentially result in fields not protected as expected. 
\nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T09:23:24.000000Z"}, {"uuid": "e0e6e7b0-b10a-404a-a1e6-12ed5bbb6144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38828", "type": "published-proof-of-concept", "source": "Telegram/XeTSOxjSF87w5-teeFLLuPjalRjBKZ2qv5EJNZvkfXazzfU", "content": "", "creation_timestamp": "2025-04-23T09:00:07.000000Z"}, {"uuid": "99e654ee-200e-4c1c-bd5e-73662b443024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38828", "type": "published-proof-of-concept", "source": "Telegram/mIQYUSqdZG0qC4ccPPwRpa360xwamTmZCIxoO7vEILe4Sa0", "content": "", "creation_timestamp": "2025-04-15T05:00:10.000000Z"}, {"uuid": "2b39077e-303f-46f7-8435-59c7d21e5211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/CyberBulletin/26249", "content": "\u26a1\ufe0fCVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applications.\n\n#CyberBulletin", "creation_timestamp": "2024-10-29T05:03:03.000000Z"}, {"uuid": "a7e1136c-3bc2-4e1d-809f-d03b286b2d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38828", "type": "published-proof-of-concept", "source": "Telegram/ZJp_VCEhaga9OM9NBvz45K3ssC6nL69JeV_dGqoHwNSpsGU", "content": "", "creation_timestamp": "2025-04-15T05:00:08.000000Z"}, {"uuid": "66ebcbdd-afe8-4dca-9f72-e2bd9863d387", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11730", "content": "#WebApp_Security\n#Offensive_security\n1. Supply Chain Attacks in Web3: A New Era\nhttps://osec.io/blog/2024-06-10-supply-chain-attacks-a-new-era\n2. Spring WebFlux Authorization Bypass: CVE-2024-38821 Explained\nhttps://www.deep-kondah.com/spring-webflux-static-resource-access-vulnerability-cve-2024-38821-explained\n3. A CLI for cracking, testing vulnerabilities on Json Web Token\nhttps://github.com/tyki6/MyJWT", "creation_timestamp": "2025-01-25T14:14:21.000000Z"}]}