Spring Boot: Signature Forgery Vulnerability
by the Hossted team
26.08.2024

CVE-2024-38807, a medium-severity vulnerability, affects Spring Boot versions 2.7.0 to 2.7.21, 3.0.0 to 3.0.16, 3.1.0 to 3.1.12, 3.2.0 to 3.2.8, and 3.3.0 to 3.3.2. It allows signature forgery: content that appears to have been signed by one signer has in fact been signed by another. To fix this issue, upgrade Spring Boot to 2.7.22, 3.0.17, 3.1.13, 3.2.9, or 3.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38807.