CVE-2024-38819: Spring Framework Path Traversal vulnerability
(updated )
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
References
- github.com/advisories/GHSA-g5vr-rgqm-vf78
- github.com/spring-projects/spring-framework
- github.com/spring-projects/spring-framework/commit/3bfbe30a7814c9ea1556d40df9bd87ddb3ba372d
- github.com/spring-projects/spring-framework/commit/fb7890d73975a3d9e0763e0926df2bd0a608e87e
- github.com/spring-projects/spring-framework/issues/33689
- nvd.nist.gov/vuln/detail/CVE-2024-38819
- security.netapp.com/advisory/ntap-20250110-0010
- spring.io/security/cve-2024-38819
Code Behaviors & Features
Detect and mitigate CVE-2024-38819 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →