Security scans reports that the Tridion Sites 10.0 microservices (ie the Deployer) has spring-web-5.3.27.jar, for which the CVE-2024-38819 vulnerability is applicable. At the time this article was written, the latest CD hotfix CD_12.0.0_40704 had spring-web-5.3.37.jar, and in CVE-2024-38819 the fix version is 5.3.41.