github · sealbenb · Jun 25, 2026
diff --git a/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json b/advisories/github-reviewed/2024/10/GHSA-c4q5-6c82-3qpw/GHSA-c4q5-6c82-3qpw.json
@@ -1,18 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c4q5-6c82-3qpw",
-  "modified": "2025-01-24T21:31:27Z",
+  "modified": "2025-01-24T21:31:28Z",
   "published": "2024-10-28T09:30:53Z",
   "aliases": [
     "CVE-2024-38821"
   ],
   "summary": "Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications",
   "details": "Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.\n\nFor this to impact an application, all of the following must be true:\n\n  *  It must be a WebFlux application\n  *  It must be using Spring's static resources support\n  *  It must have a non-permitAll authorization rule applied to the static resources support",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -29,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "5.0.0"
             },
             {
               "fixed": "5.7.13"