10 matches found
Spring Framework Path Traversal in Functional Web Frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
PT-2026-47820
Name of the Vulnerable Software and Affected Versions NETGEAR router models affected versions not specified Description Insufficient input validation allows an authenticated administrator with local network access to submit crafted input. This action bypasses intended management interface...
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...
GHSA-CX7F-G6MP-7HQM Path traversal vulnerability in functional web frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
DEBIAN-CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2023-40462
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
Design/Logic Flaw
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting withi...
CVE-2023-40458
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service DoS condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
CVE-2023-40458
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service DoS condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device...
CVE-2023-40458
Removed by vendor...