CVE-2024-38820 - Apache Struts Case Insensitive Validation Bypass Vulnerability

CVE ID : CVE-2024-38820
Published : Oct. 18, 2024, 6:15 a.m.
Description : The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
Severity: 3.1 | LOW
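
The locale dependence described above, shown as an added example (not code from the affected project or from this advisory). The deny-list, field names and class name are constructed for illustration. The check lowercases an incoming field name before comparing it with a lower-case deny-list, first with a caller-supplied locale and then with Locale.ROOT.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class LocaleLowercaseCheck {

    // Hypothetical deny-list stored in lower case (constructed sample values).
    static final Set<String> DISALLOWED = Set.of("admin", "isadmin");

    // Locale-sensitive check. String.toLowerCase() with no argument behaves
    // like this with Locale.getDefault(), so the result depends on the host.
    static boolean isBlockedLocaleSensitive(String field, Locale locale) {
        return DISALLOWED.contains(field.toLowerCase(locale));
    }

    // Locale-independent check: Locale.ROOT applies the same case mapping
    // regardless of the JVM's default locale.
    static boolean isBlockedRoot(String field) {
        return DISALLOWED.contains(field.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Turkish and Azerbaijani map 'I' to dotless 'ı' (U+0131) when lowercasing.
        List<Locale> locales = List.of(
                Locale.ENGLISH,
                Locale.forLanguageTag("tr-TR"),
                Locale.forLanguageTag("az-AZ"));
        List<String> fields = List.of("admin", "ADMIN", "IsAdmin"); // constructed

        for (Locale locale : locales) {
            for (String field : fields) {
                String lowered = field.toLowerCase(locale);
                System.out.printf(
                        "locale=%s field=%s lowered=%s blocked(locale)=%b blocked(ROOT)=%b%n",
                        locale.toLanguageTag(), field, lowered,
                        isBlockedLocaleSensitive(field, locale),
                        isBlockedRoot(field));
            }
        }
    }
}
```

Rows where blocked(locale) and blocked(ROOT) differ are the field names that a default-locale comparison would leave unprotected on a host configured with that locale.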