CVE-2024-38819

CVSS 7.5 HIGHEPSS 54.9%CWE-22

Vexday Risk Score

48Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 7.5EPSS 54.9%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

19 dic 2024Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

N/A · Spring Framework

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.netapp.com/advisory/ntap-20250110-0010/https://spring.io/security/cve-2024-38819