-
Bug
-
Resolution: Fixed
-
High
-
7.19.0, 8.5.0, 9.1.1
-
7
-
Severity 3 - Minor
-
3
-
Issue Summary
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Reference: https://spring.io/security/cve-2024-38819
This is similar to CVE-2024-38816 but with different inputs.
- follows
-
VULN-1460611 Failed to load
Form Name |
---|
Hi ,
we upgraded confluence data center 9.1.0 to 9.2.0 version, but we found /opt/confluence/atlassian/confluence/synchrony-proxy/WEB-INF/lib/spring-webmvc-5.3.39-atlassian-3.jar is still in use. As per this page CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) fixed in 5.3.41.
How to fix issue