Vulnerability CVE-2024-38820


Published: 2024-10-18

Description:
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

 References:
https://spring.io/security/cve-2024-38820

Copyright 2026, cxsecurity.com

 

Back to Top