Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
References
Link | Resource |
---|---|
https://spring.io/security/cve-2024-38807 |
Configurations
No configuration.
History
23 Aug 2024, 16:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Aug 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-23 09:15
Updated : 2024-08-23 16:18
NVD link : CVE-2024-38807
Mitre link : CVE-2024-38807
CVE.ORG link : CVE-2024-38807
JSON object : View
Products Affected
No product.
CWE
No CWE.