We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spring Web
Library home page: http://springsource.org/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/3.2.4.RELEASE/spring-web-3.2.4.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: c42e663814e4b88294ff90339ad577ca1afcf531
Found in base branch: master
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.
Users of affected versions should upgrade to the corresponding fixed version.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
Publish Date: 2024-09-27
URL: CVE-2024-38809
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38809
Release Date: 2024-09-27
Fix Resolution (org.springframework:spring-web): 5.3.38
Direct dependency fix Resolution (org.springframework:spring-webmvc): 5.2.20.RELEASE
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered:
No branches or pull requests
CVE-2024-38809 - Medium Severity Vulnerability
Vulnerable Library - spring-web-3.2.4.RELEASE.jar
Spring Web
Library home page: http://springsource.org/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/3.2.4.RELEASE/spring-web-3.2.4.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: c42e663814e4b88294ff90339ad577ca1afcf531
Found in base branch: master
Vulnerability Details
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.
Users of affected versions should upgrade to the corresponding fixed version.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
Publish Date: 2024-09-27
URL: CVE-2024-38809
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38809
Release Date: 2024-09-27
Fix Resolution (org.springframework:spring-web): 5.3.38
Direct dependency fix Resolution (org.springframework:spring-webmvc): 5.2.20.RELEASE
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: