System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38828.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2024-38828
cvssv3.1	5.3	https://github.com/spring-projects/spring-framework
generic_textual	MODERATE	https://github.com/spring-projects/spring-framework
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2024-38828
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-38828
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20250509-0009
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20250509-0009
cvssv3.1	5.3	https://spring.io/security/cve-2024-38828
generic_textual	MODERATE	https://spring.io/security/cve-2024-38828
ssvc	Track	https://spring.io/security/cve-2024-38828

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38828.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-38828
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38828
		https://github.com/spring-projects/spring-framework
		https://security.netapp.com/advisory/ntap-20250509-0009
2326889		https://bugzilla.redhat.com/show_bug.cgi?id=2326889
CVE-2024-38828		https://nvd.nist.gov/vuln/detail/CVE-2024-38828
CVE-2024-38828		https://spring.io/security/cve-2024-38828
GHSA-w3c8-7r8f-9jp8		https://github.com/advisories/GHSA-w3c8-7r8f-9jp8

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38828.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/spring-projects/spring-framework

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38828

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20250509-0009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://spring.io/security/cve-2024-38828

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:07:55Z/ Found at https://spring.io/security/cve-2024-38828

---

Percentile	0.22931
EPSS Score	0.00076
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:22:39.802445+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2024-38828.yml	38.6.0