VDB
DEBIAN-CVE-2024-38807
DEBIAN-CVE-2024-38807
PUBLISHED
CVSS 6.300000190734863 MEDIUM
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
Risk Scores
CVSS v3.1
6.300000190734863
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | libspring-java | 4.3.30-3, 0, 4.3.30-1 |
| Debian:12 | libspring-java | 0, 4.3.30-2, 4.3.30-3 |
| Debian:14 | libspring-java | 0, 4.3.30-4, 0 |
| Debian:13 | libspring-java | 0, 4.3.30-4, 0 |
Timeline
- Aug 23, 2024 CVE Published
- Apr 28, 2026 CVE Updated