PT-2024-8762 · Unknown · Spring Security

Published: 2024-11-19 · Updated: 2026-05-18 · CVE-2024-38827

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Spring Security (affected versions not specified)
Description

The issue stems from the use of String.toLowerCase() and String.toUpperCase() in Spring Security, which can lead to improper authorization. These methods have locale-dependent exceptions that may cause authorization rules to not work correctly. An attacker could potentially exploit this to bypass the authorization process.
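The locale dependence described above, as an added illustration (not code from Spring Security or from this advisory). The class, the rule names and the inputs are constructed for the example. It compares the no-argument toLowerCase(), which follows the JVM default locale, with toLowerCase(Locale.ROOT) under an English and a Turkish default locale.

```java
import java.util.Locale;
import java.util.Set;

public class LocaleCaseDemo {
    // Hypothetical rule set (constructed): protected names stored in lower case.
    static final Set<String> PROTECTED = Set.of("admin", "title");

    // Locale-sensitive: String.toLowerCase() uses Locale.getDefault().
    static boolean matchesDefaultLocale(String name) {
        return PROTECTED.contains(name.toLowerCase());
    }

    // Locale-independent: the result is the same on every JVM.
    static boolean matchesRootLocale(String name) {
        return PROTECTED.contains(name.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] inputs = {"ADMIN", "Admin", "TITLE"}; // constructed sample input
        Locale[] defaults = {Locale.ENGLISH, Locale.forLanguageTag("tr-TR")};
        Locale original = Locale.getDefault();
        try {
            for (Locale locale : defaults) {
                Locale.setDefault(locale);
                System.out.println("default locale = " + locale.toLanguageTag());
                for (String in : inputs) {
                    // Under tr-TR, 'I' lower-cases to dotless U+0131, so the
                    // default-locale comparison stops matching "admin"/"title".
                    System.out.printf("  %-6s default=%-5b root=%b%n",
                            in, matchesDefaultLocale(in), matchesRootLocale(in));
                }
            }
        } finally {
            Locale.setDefault(original); // restore the JVM-wide setting
        }
    }
}
```

A rule that matches or fails depending on the server's default locale is the failure mode to look for when reviewing case-normalised comparisons in authorization code.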
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2024-10377
CLEANSTART-2026-JU62349
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-WK99982
CVE-2024-38827
GHSA-Q3V6-HM2V-PW99

Affected Products

Spring Security