5 matches found
Spring Cloud Config Server - Path Traversal
Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...
io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.1)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.1 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...
com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +9 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.7)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.6 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...
ai.hyacinth.framework:core-service-config-server (>=0.5.0 <=0.5.24), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +238 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =0.5.0, =1.0.6.OSS, =0.0.1, =0.0.1, =2.0.0.RELEASE, =2.0.2.RELEASE, =0.0.1.RELEASE, =0.0.1-RELEASE, =1.1.1, =1.1.0-RELEASE, =1.0.0, =1.2.2-RC - com.feingto:feingto-config =2.3.3.RELEASE and more Source cves:...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...