.. _vulnerabilityManagement_skip_registry_33x_CVE-2024-38828:

CVE-2024-38828
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Data: 2024-12-31

Severity: Medium

CVSS Score:  5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Riferimenti:  

- `https://nvd.nist.gov/vuln/detail/CVE-2024-38828 <https://nvd.nist.gov/vuln/detail/CVE-2024-38828>`_
- `https://ossindex.sonatype.org/vulnerability/CVE-2024-38828 <https://ossindex.sonatype.org/vulnerability/CVE-2024-38828>`_
- `https://spring.io/security/cve-2024-38828 <https://spring.io/security/cve-2024-38828>`_

Libreria: org.springframework:spring-web < 5.3.42

**Descrizione**

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

**Falso Positivo per GovWay**

Nel progetto GovWay non sono presenti metodi Spring MVC controller che utilizzano parametri annotati con @RequestBody di tipo byte[].

Configuration File: `false-positive.xml <https://raw.githubusercontent.com/link-it/govway/master/mvn/dependencies/owasp/falsePositives/CVE-2024-38828.xml>`_