{"vulnerability": "CVE-2024-38821", "sightings": [{"uuid": "c77fde33-c071-460e-b011-5ca9d61af758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113877916793081869", "content": "", "creation_timestamp": "2025-01-23T13:31:51.936172Z"}, {"uuid": "80f0eed7-813f-4a78-b61e-1458127471fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/CyberBulletin/1305", "content": "\u26a1\ufe0fCVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applications.\n\n#CyberBulletin", "creation_timestamp": "2024-10-29T05:03:03.000000Z"}, {"uuid": "9da9fd59-ff2b-47b6-b43b-c9a07c5d31a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:03.000000Z"}, {"uuid": "420e0323-3ebb-4455-86e7-04ce0f61fd59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/cvedetector/9093", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38821 - Spring WebFlux: Bypassing Spring Security Authorization Rules on Static Resources\", \n  \"Content\": \"CVE ID : CVE-2024-38821 \nPublished : Oct. 28, 2024, 7:15 a.m. | 44\u00a0minutes ago \nDescription : Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.  \n  \nFor this to impact an application, all of the following must be true:  \n  \n  *  It must be a WebFlux application  \n  *  It must be using Spring's static resources support  \n  *  It must have a non-permitAll authorization rule applied to the static resources support \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T09:28:03.000000Z"}, {"uuid": "2b39077e-303f-46f7-8435-59c7d21e5211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "seen", "source": "https://t.me/CyberBulletin/26249", "content": "\u26a1\ufe0fCVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applications.\n\n#CyberBulletin", "creation_timestamp": "2024-10-29T05:03:03.000000Z"}, {"uuid": "66ebcbdd-afe8-4dca-9f72-e2bd9863d387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38821", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11730", "content": "#WebApp_Security\n#Offensive_security\n1. Supply Chain Attacks in Web3: A New Era\nhttps://osec.io/blog/2024-06-10-supply-chain-attacks-a-new-era\n2. Spring WebFlux Authorization Bypass: CVE-2024-38821 Explained\nhttps://www.deep-kondah.com/spring-webflux-static-resource-access-vulnerability-cve-2024-38821-explained\n3. A CLI for cracking, testing vulnerabilities on Json Web Token\nhttps://github.com/tyki6/MyJWT", "creation_timestamp": "2025-01-25T14:14:21.000000Z"}]}