< Back

CVE-2024-38821

Updated on 28 Oct 2024

Severity

9.1 Critical severity

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.

For this to impact an application, all of the following must be true:

It must be a WebFlux application
It must be using Spring’s static resources support
It must have a non-permitAll authorization rule applied to the static resources support

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.

For this to impact an application, all of the following must be true:

It must be a WebFlux application
It must be using Spring’s static resources support
It must have a non-permitAll authorization rule applied to the static resources support

Operating system / Project

Open as a page

Advisory

CLSA-2025:1748945064

Operating system

CentOS 8.4 ELS

Published date

Nov 16, 2014

Project

Linux

Version

2.11.0-1~ubuntu16.04.1+tuxcare.els12

Update command:

apt-get update
apt-get --only-upgrade install ansible*

Insufficiently Random Passwords Leakage
Debian/patches/CVE-2020-10729.patch: Fix caching of Jinja2 expressions to prevent caching dynamic results
CVE-2020-10729

ansible_2.5.1+dfsg-1ubuntu0.1+tuxcare.els6_all.deb