admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-02 03:30:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-38807.md

18 lines
780 B
Markdown
Raw Normal View History

Update CVE sources 2024-08-23 18:19
2024-08-23 18:19:28 +00:00
### [CVE-2024-38807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807)
![](https://img.shields.io/static/v1?label=Product&message=Spring%20Boot&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.7.x%3C%202.7.22%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink