.. _vulnerabilityManagement_securityAdvisory_2025_CVE-2024-38827:

CVE-2024-38827
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Date: 2025-01-12

Severity: Medium

CVSS Score: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

References:

- `https://nvd.nist.gov/vuln/detail/CVE-2024-38827 <https://nvd.nist.gov/vuln/detail/CVE-2024-38827>`_
- `https://ossindex.sonatype.org/vulnerability/CVE-2024-38827 <https://ossindex.sonatype.org/vulnerability/CVE-2024-38827>`_
- `https://spring.io/security/cve-2024-38827 <https://spring.io/security/cve-2024-38827>`_

Library: org.springframework.security:spring-security-\* < 5.8.16

**Description**

CWE-639: Authorization Bypass Through User-Controlled Key

Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

**GovWay**

Affected versions: <= 3.3.15.p2

Resolution: 3.3.16
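The locale dependence noted in the Description, shown as an added Java example (not code from Spring Security or GovWay): the same comparison is run with the JVM default locale and with the case mapping pinned to ``Locale.ROOT``. The class name, the ``REQUIRED`` value and the sample input are constructed for illustration.

```java
import java.util.Locale;

/** Added illustration: default-locale case mapping versus Locale.ROOT. */
public class LocaleCaseMappingDemo {

    // Hypothetical rule value, constructed for this example.
    static final String REQUIRED = "admin";

    /** Locale-dependent form: toLowerCase() uses the JVM default locale. */
    static boolean matchesDefaultLocale(String supplied) {
        return supplied.toLowerCase().equals(REQUIRED);
    }

    /** Locale-independent form: case mapping pinned to Locale.ROOT. */
    static boolean matchesRootLocale(String supplied) {
        return supplied.toLowerCase(Locale.ROOT).equals(REQUIRED);
    }

    public static void main(String[] args) {
        Locale original = Locale.getDefault();
        String supplied = "ADMIN"; // constructed sample input
        Locale[] defaults = { Locale.ENGLISH, Locale.forLanguageTag("tr-TR") };
        try {
            for (Locale l : defaults) {
                Locale.setDefault(l);
                // Under tr-TR, 'I' lower-cases to dotless 'ı' (U+0131) and
                // 'i' upper-cases to dotted 'İ' (U+0130), so the
                // default-locale comparison stops matching.
                System.out.printf(
                    "default=%s lower=%s upper=%s defaultMatch=%b rootMatch=%b%n",
                    l.toLanguageTag(),
                    supplied.toLowerCase(),
                    REQUIRED.toUpperCase(),
                    matchesDefaultLocale(supplied),
                    matchesRootLocale(supplied));
            }
        } finally {
            // Restore the JVM-wide default so the demo has no side effects.
            Locale.setDefault(original);
        }
    }
}
```

With a Turkish default locale the default-locale comparison returns false while the ``Locale.ROOT`` comparison returns true, so a rule evaluated on such a JVM can behave differently from the same rule evaluated elsewhere.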