
AIKIDO-2024-10362

spring-websocket is vulnerable to Improper Handling of Case Sensitivity

Improper Handling of Case Sensitivity
CVE-2024-38820
Published Oct 24, 2024


Low Risk

This affects:

Java package spring-websocket (org.springframework:spring-websocket)
0.0.1 - 5.3.40, fixed in 5.3.41
6.0.0 - 6.0.24, fixed in 6.0.25
6.1.0 - 6.1.13, fixed in 6.1.14

TL;DR

Affected versions of the package are vulnerable to improper handling of case sensitivity. Calling String.toLowerCase() without an explicit locale applies the case mappings of the JVM's default locale, so a field name can fold to a different string than the check expects and end up improperly protected. An attacker could exploit this to bypass security checks based on case variations that are not handled consistently across different locales.
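The following is an added illustration of the underlying Java behaviour, not code from spring-websocket or from the advisory. The protected-field set, the two check methods and the field name "ID" are constructed for the demonstration; it shows why a check built on default-locale toLowerCase() can miss a name it was meant to catch, and how folding with Locale.ROOT gives a result that does not depend on where the JVM runs.

```java
import java.util.Locale;
import java.util.Set;

public class CaseFoldingCheck {
    // Constructed example: names of fields a client must not be allowed to set.
    private static final Set<String> PROTECTED = Set.of("id", "principal");

    // Vulnerable pattern: the fold depends on the JVM's default locale.
    static boolean isProtectedDefaultLocale(String field) {
        return PROTECTED.contains(field.toLowerCase());
    }

    // Hardened pattern: Locale.ROOT gives locale-independent case mapping.
    static boolean isProtectedRootLocale(String field) {
        return PROTECTED.contains(field.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        Locale original = Locale.getDefault();
        try {
            // Turkish locales map upper-case "I" to dotless "ı" (U+0131),
            // so "ID" folds to "ıd" and no longer matches "id".
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            String clientField = "ID"; // constructed client-supplied field name

            System.out.println("default locale (tr-TR): "
                    + isProtectedDefaultLocale(clientField)); // false: check bypassed
            System.out.println("Locale.ROOT:            "
                    + isProtectedRootLocale(clientField));    // true: check holds
        } finally {
            Locale.setDefault(original);
        }
    }
}
```

When auditing for this class of bug, treat every `toLowerCase()` / `toUpperCase()` call that feeds a security comparison as suspect unless it passes an explicit locale, and prefer `equalsIgnoreCase` or `Locale.ROOT` folding for protocol and identifier comparisons that must behave the same on every deployment.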

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

spring-websocket is vulnerable to Improper Handling of Case Sensitivity in versions 0.0.1 - 5.3.40, 6.0.0 - 6.0.24 and 6.1.0 - 6.1.13.

How to fix this

Upgrade the org.springframework:spring-websocket library to a patched version: 5.3.41 or later on the 5.3 line, 6.0.25 or later on the 6.0 line, or 6.1.14 or later on the 6.1 line.