CVE-2024-38828

Description

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

Affected packages (2)

• Debian/libspring-javafrom 0
• Maven/org.springframework:spring-webmvc>= 5.3.0, < 5.3.42

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-38828
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-38828
• PATCHhttps://github.com/spring-projects/spring-framework
• WEBhttps://security.netapp.com/advisory/ntap-20250509-0009
• WEBhttps://spring.io/security/cve-2024-38828