Security Advisories

CGA-55pg-pmr2-7vrj

Published

Last updated

https://images.chainguard.dev/security/CGA-55pg-pmr2-7vrj

Package

camunda-zeebe

Latest Update

Fixed

Fixed Version

8.6.5-r0

Aliases

CVE-2024-38827
GHSA-q3v6-hm2v-pw99

Severity

4.8

Medium

CVSS V3

Summary

Spring Framework has Authorization Bypass for Case Sensitive Comparisons

Description

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38827
https://github.com/advisories/GHSA-q3v6-hm2v-pw99
https://github.com/spring-projects/spring-framework/issues/33708
https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
https://github.com/spring-projects/spring-framework
https://spring.io/security/cve-2024-38827

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-55pg-pmr2-7vrj

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources