CVE-2024-38816

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2663 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...

GHSA-CX7F-G6MP-7HQM Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +1984 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=5.3.0 <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.3.0, =1.1.0, =1.1.0, =j11.2.6.0, =v0.3.12, =v0.3.12, =v0.3.12, =4.1.36, =4.1.36, =1.7, =1.0, =1.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10609 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +748 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=6.1.0 <=6.1.12)

org.springframework:spring-webflux MAVEN version =6.1.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.3.1, =1.0.0, =1.0.9 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2804 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)

org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2024-38816 Source advisory...

ai.optfor:spring-openai-api (>=0.2.2 <=0.3.25), app.boboc:webflux-websocket-coroutine (>=0.0.6 <=1.0.0) +659 more potentially affected by CVE-2024-38816 via org.springframework:spring-webflux (>=6.0.0 <=6.0.23)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.2, =0.0.6, =0.0.6, =4.6.18, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7HQM...

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

UBUNTU-CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816 CVE-2024-38816: Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816 CVE-2024-38816: Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816

CVE-2024-38816 affects Spring Framework components that serve static resources via RouterFunctions (WebMvc.fn/WebFlux.fn) and a FileSystemResource location. Exploitation targets path traversal to read files accessible to the app process. According to IBM/VMware sources, the vulnerability is mitig...

VMware Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from the presence of a directory traversal vulnerability that coul...

A Bootiful Podcast: Spring creator and cofounder, Dr. Rod Johnson

In this wide-ranging interview, I finally sit down one-on-one and talk to Dr. Rod Johnson, the creator of Spring, entrepreneur, venture capitalist, engineer, father, Kotlin fan, AI researcher, and musician, about this, that, and everything in between, fresh off our recent SpringOne presentation o...

PT-2024-6332

Name of the Vulnerable Software and Affected Versions Spring Framework versions 5.3.0 through 5.3.39 Spring Framework versions 6.0.0 through 6.0.23 Spring Framework versions 6.0.24 through 6.1.12 Spring Framework versions 6.1.13 and earlier Description The vulnerability is related to path travers...

Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow

CVE-2024-37084-Poc Setup ,Analysis , Demo exploit and poc abou...