{"id":"CVE-2024-38820","details":"The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case-insensitive. However, String.toLowerCase() has some Locale-dependent exceptions that could potentially result in fields not being protected as expected.","aliases":["GHSA-4gc7-5j7h-4qph"],"modified":"2026-03-14T12:34:40.775313Z","published":"2024-10-18T06:15:03.333Z","related":["CGA-9grp-6g38-66x6"],"references":[{"type":"ADVISORY","url":"https://spring.io/security/cve-2024-38820"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241129-0003/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-framework","events":[{"introduced":"e6585e0250519ec6ef85f0ca2f8d9b6151f94397"},{"fixed":"ac5c8adb9830939e2329f1e16727c522a172c7c8"}],"database_specific":{"versions":[{"introduced":"6.1.0"},{"fixed":"6.1.14"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.3.0"},{"fixed":"5.3.41"}]},{"events":[{"introduced":"6.0.0"},{"fixed":"6.0.25"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38820.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}