31 matches found
Oracle WebLogic Server (July 2025 CPU)
The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-webflux-5.3.27.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-webflux-5.3.27.jar Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks...
Exploit for CVE-2024-38819
CVE-2024-38819: Proof of Concept PoC This is a proof of con...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38819]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web framework: WebMvc.fn or WebFlux.fn CVE-2024-38819. VMware Tanzu Spring is used in our Speech microservices. This...
Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.19 (JSDSERVER-16083)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16083 advisory. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn...
Exploit for CVE-2024-38819
CVE-2024-38819: Proof of Concept PoC This is a proof of concept for the CVE-2024-38819 vulnerability, which I reported, demonstrating a path traversal exploit. Execution Steps 1. Build the Docker image Spring Boot 3.3.4, based on Spring Framework 6.1.13 cd vuln docker build -t cve-2024-38819-poc...
Linux Distros Unpatched Vulnerability : CVE-2024-38819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework [CVE-2024-38819]
Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal in Spring Framework, caused by improper validation of user request by the functional web frameworks WebMvc.fn or WebFlux.fn CVE-2024-38819. Spring Framework is used by our Speech Microservices. This vulnerabilitiy...
Security Bulletin: Vulnerability in Spring WebMvc affects watsonx.data
Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functiona...
Exploit for CVE-2024-38819
CVE-2024-38819 01. File-Traversal와 Webflux 개요 - 1 File...
Atlassian Confluence 3.x < 7.19.30 / 7.20.x < 8.5.18 / 8.6.x < 9.1.1 / 9.2.0 (CONFSERVER-98842)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98842 advisory. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the...
ai.optfor:spring-openai-api (>=0.2.2 <=0.3.25), app.boboc:webflux-websocket-coroutine (>=0.0.6 <=1.0.0) +661 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=6.0.0 <=6.0.23)
org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.2, =0.0.6, =0.0.6, =4.6.18, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...
ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +3144 more potentially affected by CVE-2024-38819 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.13)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 - ai.latta:spring =1.0 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...
RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25453 more potentially affected by CVE-2024-38819 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.39)
org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...
africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2757 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.39)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.12, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...
CVE-2024-38819
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2024-38819
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2024-38819
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...