Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
History

Fri, 20 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
References

Tue, 03 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat apache Camel Spring Boot
CPEs cpe:/a:redhat:apache_camel_spring_boot:4.8
Vendors & Products Redhat
Redhat apache Camel Spring Boot

Fri, 22 Nov 2024 14:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Title org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
Weaknesses CWE-22
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-12-19T17:15:12.704Z

Updated: 2024-12-20T17:54:04.143Z

Reserved: 2024-06-19T22:32:06.583Z

Link: CVE-2024-38819

cve-icon Vulnrichment

Updated: 2024-12-20T17:53:58.979Z

cve-icon NVD

Status : Received

Published: 2024-12-19T18:15:10.557

Modified: 2024-12-19T18:15:10.557

Link: CVE-2024-38819

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-17T00:00:00Z

Links: CVE-2024-38819 - Bugzilla