Path traversal in Pivotal Spring Framework - CVE-2024-38819
Published: October 17, 2024 / Updated: December 19, 2024
Vulnerability identifier: #VU98796
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2024-38819
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Pivotal
Affected software:
Pivotal Spring Framework
Pivotal Spring Framework
Detailed vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
How to mitigate CVE-2024-38819
Install update from vendor's website.