Main Vulnerability Database Vulnerabilities #VU98796

#VU98796 Path traversal in Pivotal Spring Framework - CVE-2024-38819

Published: October 17, 2024 / Updated: December 19, 2024

Vulnerability identifier: #VU98796

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2024-38819

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Pivotal Spring Framework

Software vendor:
Pivotal

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

External links

https://spring.io/security/cve-2024-38819

#VU98796 Path traversal in Pivotal Spring Framework - CVE-2024-38819

Description

Remediation

External links

Please verify you're human