CVE-2024-38829

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38829
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38829.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38829
Aliases
Downstream
Related
Published
2024-12-04T21:15:24Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

References

Affected packages