CVE-2024-38829

LOW

Spring LDAP <= 3.2.7 - Info Disclosure

Title source: llm

Description

A vulnerability in Spring LDAP allows data exposure through case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. String.toLowerCase() and String.toUpperCase() without an explicit Locale fold case according to the JVM's default locale, and some locales have exceptions (the best known is Turkish, where "I" lowercases to dotless "ı" rather than "i"), so a comparison that works on the developer's machine can fail on a host with a different default locale and cause unintended columns to be queried. Related to CVE-2024-38820 (https://spring.io/security/cve-2024-38820).
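The locale exception the description refers to, shown as an added Java example that is not Spring LDAP's own code: a constructed case-insensitive attribute deny-list is checked once with default-locale toLowerCase(), the pattern the description identifies in the affected versions, and once with Locale.ROOT. Under a Turkish default locale the naive check lets a denied attribute through, which is how a request can reach an unintended column. The class name, deny-list and attribute names are assumptions made for the demo.

```java
import java.util.Locale;
import java.util.Set;

/*
 * Added illustration of locale-dependent case folding. Not Spring LDAP code;
 * the deny-list and attribute names are constructed for the demo. LDAP
 * attribute types are matched case-insensitively, so folding case before a
 * lookup is a common pattern in LDAP client code.
 */
public class LocaleCaseFoldingDemo {

    // Constructed deny-list of attribute types a caller must not request.
    static final Set<String> DENIED = Set.of("userpassword", "initials", "title");

    // Vulnerable pattern: String.toLowerCase() with no Locale argument uses the
    // JVM default locale. Under tr-TR, 'I' folds to dotless 'ı' (U+0131), so
    // "INITIALS" becomes "ınıtıals" and no longer matches the deny-list entry.
    static boolean isDeniedNaive(String attr) {
        return DENIED.contains(attr.toLowerCase());
    }

    // Hardened pattern: fold with Locale.ROOT so the result does not depend on
    // the host's locale. String.equalsIgnoreCase is the other locale-independent
    // option when comparing two strings directly rather than doing a set lookup.
    static boolean isDeniedHardened(String attr) {
        return DENIED.contains(attr.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String requested = "INITIALS"; // as a client might spell the attribute

        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        System.out.println("default-locale fold  : " + requested.toLowerCase());
        System.out.println("Locale.ROOT fold     : " + requested.toLowerCase(Locale.ROOT));
        System.out.println("naive denied?        : " + isDeniedNaive(requested));
        System.out.println("hardened denied?     : " + isDeniedHardened(requested));

        // On a host whose default locale has no such exception the naive check
        // behaves correctly, which is why this class of bug is easy to miss in
        // testing and only appears on a differently configured deployment.
        Locale.setDefault(Locale.US);
        System.out.println("naive denied? (en-US): " + isDeniedNaive(requested));
    }
}
```

The practical check for an application is to grep for toLowerCase() and toUpperCase() calls that take no Locale argument on any string used in a security comparison, and either pass Locale.ROOT or switch to equalsIgnoreCase; running the test suite once with -Duser.language=tr -Duser.country=TR also surfaces this class of bug quickly.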

References (1)

Vendor Advisory: https://spring.io/security/cve-2024-38829

Scores

CVSS v3 3.7
EPSS 0.0037
EPSS Percentile 28.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-178
Status published
Products (6)
org.springframework.ldap/spring-ldap-core 3.0.0 - 3.2.8 (Maven)
Spring/Spring LDAP < 2.4.0
Spring/Spring LDAP 2.4.0 - 2.4.3
Spring/Spring LDAP 3.0.0 - 3.0.9
Spring/Spring LDAP 3.1.0 - 3.1.7
Spring/Spring LDAP 3.2.0 - 3.2.7
Published Dec 04, 2024
Tracked Since Feb 18, 2026