spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the sever through a malicious URL feed into spring-cloud-config-server module.
github.com/mpgn/CVE-2019-3799
github.com/spring-cloud/spring-cloud-config/commit/90e8a81f6fa921e034cecb79cd100f343f7714af
github.com/spring-cloud/spring-cloud-config/commit/9617f2922ee2ae27f08676716224933f0d869719
github.com/spring-cloud/spring-cloud-config/commit/d3e21866a5f192fa2582349cb3732ad0e4b8850b
pivotal.io/security/cve-2019-3799
www.oracle.com/security-alerts/cpuapr2022.html