CVE-2024-38807— CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

N/A

VMware Spring Boot 安全漏洞

VMware Spring Boot是美国威睿（VMware）公司的一套开源框架。 VMware Spring Boot存在安全漏洞，该漏洞源于容易受到签名伪造的攻击。以下产品及版本受到影响： 2.7.0至2.7.21版本、3.0.0至3.0.16版本、3.1.0至3.1.12版本、3.2.0至3.2.8版本和3.3.0至3.3.2版本。

N/A

N/A