Description

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.

INFO

Published Date :

2024-08-23T08:26:11.826Z

Last Modified :

2025-03-27T16:36:21.258Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38807 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38807.

URL Resource
https://security.netapp.com/advisory/ntap-20250117-0006/ cve-icon
https://spring.io/security/cve-2024-38807 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact