漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Spring LDAP sensitive data exposure for case-sensitive comparisons
Vulnerability Description
A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
大小写敏感处理不恰当
Vulnerability Title
VMware Tanzu Spring LDAP 安全漏洞
Vulnerability Description
VMware Tanzu Spring LDAP是美国威睿(VMware)公司的一个用于简化 Java 中 LDAP 编程的库。 VMware Tanzu Spring LDAP存在安全漏洞,该漏洞源于允许在区分大小写的比较中暴露数据。
CVSS Information
N/A
Vulnerability Type
N/A