A security scan has flagged DX UIM for a potential vulnerability in Spring Framework 5.3.37 (CVE-2024-38809). Is there a way to remediate this vulnerability?
DX UIM 23.4.2 and prior
DX UIM is not vulnerable to this specific attack even though the affected version of Spring Framework is in use.
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable, but DX UIM does not perform these operations.
We are aware that security scans may still report the vulnerability, so the Spring Framework will be updated as a matter of normal course in an upcoming release of DX UIM.