REDHAT-BUG-2327614: Path Traversal
First published: Wed Nov 20 2024(Updated: )
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spring Web | ||
| Spring WebFlux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2327614?
REDHAT-BUG-2327614 is classified as a critical vulnerability due to its potential for path traversal attacks.
How do I fix REDHAT-BUG-2327614?
To fix REDHAT-BUG-2327614, update your Spring WebMvc.fn and Spring WebFlux.fn applications to the latest patched version.
What are the potential impacts of REDHAT-BUG-2327614?
The potential impacts of REDHAT-BUG-2327614 include unauthorized access to sensitive files on the server.
Which applications are affected by REDHAT-BUG-2327614?
Applications using Spring WebMvc.fn and Spring WebFlux.fn are affected by REDHAT-BUG-2327614.
How can I identify if my application is vulnerable to REDHAT-BUG-2327614?
You can identify vulnerability to REDHAT-BUG-2327614 by reviewing your application's code for improper input validation in file handling.
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-38819
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/spring
- canonical/spring web
- canonical/spring webflux