-
Bug
-
Resolution: Fixed
-
High
-
7.19.0, 8.5.0, 9.1.1
-
7
-
Severity 3 - Minor
-
3
-
Issue Summary
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Reference: https://spring.io/security/cve-2024-38819
This is similar to CVE-2024-38816 but with different inputs.
- follows
-
VULN-1460611 Failed to load
[CONFSERVER-98564] CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center
| Fix Version/s | New: 9.2.0 [ 110293 ] |
| Fix Version/s | Original: 9.2.0 [ 110293 ] |
| Security | Original: Reporter and Atlassian Staff [ 10751 ] |
| Fix Version/s | New: 9.2.0 [ 110293 ] |
| Labels | Original: CVE-2024-38816 CVE-2024-38819 ewt-rtb-service-operations-and-tech-entropy internal-kickoff kw-25 security security-imported | New: CVE-2024-38816 CVE-2024-38819 ewt-rtb-service-operations-and-tech-entropy internal-kickoff kw-25 resolved-in-vf security security-imported |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| UIS | Original: 1 | New: 3 |
| Support reference count | Original: 5 | New: 7 |
| Support reference count | Original: 3 | New: 5 |
| UIS | New: 1 |