CVE-2024-38820

Publication date

2024-10-18 05:39:05

Family

vmware

State

PUBLISHED

Description

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.