Security vulnerability -> cve-2024-38819 in spring-web-5.3.39-atlassian-2.jar


    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: Security

      CONFLUENCE DATA CENTER
      Version 8.5.17
      CVSS Base Score: 7.5
      Affected Spring Framework, used by the given Confluence version.

      Security scan procedures reported the following impact.

      Refer to 
      https://spring.io/security/cve-2024-38819
      https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1

      /opt/confluence/confluence/synchrony-proxy/WEB-INF/lib/spring-web-5.3.39-atlassian-2.jar

      Affected Versions:
      Spring Framework:
      5.3.0 - 5.3.40
      6.0.0 - 6.0.24
      6.1.0 - 6.1.13

      An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

      ....
      Sorry, was not allowed to create a vulnerability ticket.

            Assignee:
            Unassigned
            Reporter:
            Harald Maierhofer
            Votes:
            4
            Watchers:
            9
