Security Bulletin: Vulnerabilities in WebMvc.fn and WebFlux.fn affect watsonx.data

Summary The functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are...

Path Traversal

WebMvc.fn and WebFlux.fn are vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user input in handling file paths, allows attackers to craft requests that bypass security restrictions and access unauthorized files on the server...

GHSA-G5VR-RGQM-VF78 Spring Framework Path Traversal vulnerability

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

DEBIAN-CVE-2024-38819

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities

The remote host contains a Spring Framework version is affected by a path traversal vulnerability. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obta...

VMware Spring Framework < 5.3.40, 6.0.x < 6.0.24, 6.1.x < 6.1.13 Path Traversal Vulnerability - Linux

The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVE-2024-38816 CVE-2024-38816: Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...