You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Path Traversal through the functional web frameworks WebMvc.fn or WebFlux.fn. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible.
Note:
This is similar to CVE-2024-38816, but with different input.
Remediation
Upgrade org.springframework:spring-webmvc to version 6.1.14 or higher.
Overview
org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications.
Affected versions of this package are vulnerable to Path Traversal through the functional web frameworks
WebMvc.fnorWebFlux.fn. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible.Note:
This is similar to CVE-2024-38816, but with different input.
Remediation
Upgrade
org.springframework:spring-webmvcto version 6.1.14 or higher.References
The text was updated successfully, but these errors were encountered: