Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. |
References |
|
Tue, 03 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat apache Camel Spring Boot |
|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:4.8 | |
Vendors & Products |
Redhat
Redhat apache Camel Spring Boot |
Fri, 22 Nov 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | |
Title | org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-12-19T17:15:12.704Z
Updated: 2024-12-20T17:54:04.143Z
Reserved: 2024-06-19T22:32:06.583Z
Link: CVE-2024-38819
Vulnrichment
Updated: 2024-12-20T17:53:58.979Z
NVD
Status : Received
Published: 2024-12-19T18:15:10.557
Modified: 2024-12-19T18:15:10.557
Link: CVE-2024-38819
Redhat