Recent CVEs
CVE-2024-38828
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
MEDIUM
Nov 18, 2024
CVE-2024-38820
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
LOW
Oct 18, 2024