How severe is CVE-2024-38829?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-38829?

This is classified as CWE-178, which is a common weakness in software security.

CVE-2024-38829

LOW Year: 2024

CVSS v3 Score

3.7

Low

Weakness Type

CWE-178

View all →

Vulnerability Description

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

CVE-2025-4035

MEDIUM

CVSS:4.3(Medium)

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercas...

CWE-1782025

CVE-2024-32879

MEDIUM

CVSS:4.9(Medium)

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user I...

CWE-1782024

CVE-2021-0973

MEDIUM

CVSS:5.0(Medium)

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no add...

CWE-1782021

CVE-2018-8337

MEDIUM

CVSS:5.3(Medium)

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affec...

CWE-1782018

CVE-2022-22968

MEDIUM

CVSS:5.3(Medium)

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively...

CWE-1782022

CVE-2024-38820

MEDIUM

CVSS:5.3(Medium)

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not...

CWE-1782024

CVE-2024-38829

Vulnerability Description

Related Vulnerabilities

CVE-2025-4035

CVE-2024-32879

CVE-2021-0973

CVE-2018-8337

CVE-2022-22968

CVE-2024-38820