View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2024-38807 unimportant priority: Debian including 1 source packages (libspring-java), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 5.
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.