CVE-2024-38809 Information

Description

Applications that parse ETags from \If-Match\ or \If-None-Match\ request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older unsupported versions could enforce a size limit on \If-Match\ and \If-None-Match\ headers e.g. through a Filter.

Reference

https://spring.io/security/cve-2024-38809