CVE-2024-38827

Spring Framework has Authorization Bypass for Case Sensitive Comparisons

Description

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

4.8

Severity

Medium

Ecosystem

Java

Publish Date

December 2, 2024

Modified Date

February 3, 2026

Score Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Versions