Home > Vulnerability Database > CVE-2024-38821

Mend.io Vulnerability Database

CVE-2024-38821

Good to know:

Date: June 20, 2024

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application, It must be using Spring's static resources support, and it must have a non-permitAll authorization rule applied to the static resources support.

Severity Score

5.5

Related Resources (3)

Url: https://spring.io/security/cve-2024-38821

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38821

Url: https://www.mend.io/vulnerability-database/CVE-2024-38821

Severity Score

5.5

Top Fix

Upgrade Version

Upgrade to version org.springframework.security:spring-security-web:5.7.13,5.8.15,6.0.13,6.1.11,6.2.7,6.3.4

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38821

Good to know:

Date: June 20, 2024

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?