Lucene search
+L

5 matches found

Nuclei
Nuclei
added yesterday46 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7.8AI score0.0122EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/24 3:31 a.m.7 views

io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.1 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...

8.6CVSS7.2AI score0.0122EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 3:31 a.m.7 views

com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +9 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.6 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...

8.6CVSS5.4AI score0.0122EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 3:31 a.m.7 views

ai.hyacinth.framework:core-service-config-server (>=0.5.0 <=0.5.24), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +238 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =0.5.0, =1.0.6.OSS, =0.0.1, =0.0.1, =2.0.0.RELEASE, =2.0.2.RELEASE, =0.0.1.RELEASE, =0.0.1-RELEASE, =1.1.1, =1.1.0-RELEASE, =1.0.0, =1.2.2-RC - com.feingto:feingto-config =2.3.3.RELEASE and more Source cves:...

8.6CVSS5.8AI score0.0122EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/23 12:0 a.m.13 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...

8.6CVSS5.8AI score0.0122EPSS
Exploits0
Rows per page
Query Builder