kadamnayan

1 exploit Active since Oct 2024
CVE-2024-38820 NOMISEC LOW WORKING POC
Spring Framework 5.3.0-5.3.40 and 6.1.0-6.1.13 - Case Sensitivity Bypass in DataBinder DisallowedFields
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
CVSS 3.1