Improper Handling of Case Sensitivity
CVE-2024-38829
Summary
A VMware Tanzu Spring LDAP vulnerability allows potential data exposure during case-sensitive comparisons. This issue impacts Spring LDAP versions prior to 2.4.4, 3.0.x prior to 3.2.8. The vulnerability arises from the usage of "String.toLowerCase()" and "String.toUpperCase()," which have Locale-dependent exceptions. These exceptions can lead to unintended columns being queried.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-178 - Improper Handling of Case Sensitivity
The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Advisory Timeline
- Published