CVE-2024-38816: Path traversal vulnerability in functional web frameworks
First published: Fri Sep 13 2024(Updated: )
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.springframework:spring-webflux | >=5.3.0<=5.3.39 | |
| maven/org.springframework:spring-webmvc | >=5.3.0<=5.3.39 | |
| maven/org.springframework:spring-webflux | >=6.0.0<=6.0.23 | |
| maven/org.springframework:spring-webmvc | >=6.0.0<=6.0.23 | |
| maven/org.springframework:spring-webflux | >=6.1.0<6.1.13 | 6.1.13 |
| maven/org.springframework:spring-webmvc | >=6.1.0<6.1.13 | 6.1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://spring.io/security/cve-2024-38816
- https://security.netapp.com/advisory/ntap-20241227-0001/
- https://nvd.nist.gov/vuln/detail/CVE-2024-38816
- https://github.com/spring-projects/spring-framework/commit/d86bf8b2056429edf5494456cffcb2b243331c49
- https://security.netapp.com/advisory/ntap-20241227-0001
- https://github.com/advisories/GHSA-cx7f-g6mp-7hqm (Advisory)
- https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html
- https://access.redhat.com/errata/RHSA-2024:8064
- https://access.redhat.com/errata/RHSA-2024:11023
- https://bugzilla.redhat.com/show_bug.cgi?id=2312060
- https://www.ibm.com/support/pages/node/7182403 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-38816?
CVE-2024-38816 is classified as a high severity vulnerability due to its potential for path traversal attacks.
How do I fix CVE-2024-38816?
To fix CVE-2024-38816, upgrade your Spring WebFlux or Spring WebMVC to version 6.1.13 or later.
Which versions of Spring are affected by CVE-2024-38816?
CVE-2024-38816 affects Spring WebFlux and Spring WebMVC versions between 5.3.0 and 5.3.39, as well as versions between 6.0.0 and 6.0.23.
What type of attack does CVE-2024-38816 enable?
CVE-2024-38816 allows attackers to perform path traversal attacks, potentially accessing any file in the filesystem accessible to the Spring process.
Is there a temporary workaround for CVE-2024-38816?
There are no documented temporary workarounds for CVE-2024-38816; upgrading to the fixed version is the recommended solution.
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cx7f-g6mp-7hqm
- alias/CVE-2024-38816
- agent/software-canonical-lookup
- agent/references
- collector/nvd-cve
- collector/github-advisory
- agent/source
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- package-manager/maven