CVE-2024-38821 - Improper Authorization

Severity: None2025-03-11

Security Advisories

Abstract

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's static resources support * It must have a non-permitAll authorization rule applied to the static resources support

The Oxygen products incorporate gosu as a third-party libraries. This advisory was opened to address the potential impact of this third-party libraries vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v7.1 and olderNone Oxygen Content Fusion 7.1.1 build 2024120911
Oxygen Feedback v5.0 and olderNone Oxygen Feedback 5.1 build 2024121116

Mitigation

None

Detail

CVE-2024-38821

Severity: Critical

CVSS Score: 9.1

The Spring WebFlux third-party libraries used by Oxygen XML products are an affected version mentioned in CVE-2024-38821 vulnerability description. However, Oxygen Content Fusion and Oxygen Feedback are not WebFlux applications. For that reason Oxygen products are not affected by this vulnerability.

Starting with Oxygen Content Fusion v7.1.1 build 2024120911 Spring WebFlux library was updatet to a version that fixes this vulnerability.

Starting with Oxygen Feedback v5.1 build 2024121116 Spring WebFlux library was updatet to a version that fixes this vulnerability.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Evolution of TC 2025

Products

Features

Shop

Resources

Support

Company

© 2002-2025 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor