WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-3799 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

Description

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

Remediation

References

https://pivotal.io/security/cve-2019-3799

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-39133 Vulnerability in maven package org.rundeck:rundeck

CVE-2023-45137 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2016-4567 Vulnerability in maven package org.webjars.bower:mediaelement

CVE-2023-25653 Vulnerability in npm package node-jose

CVE-2022-0722 Vulnerability in maven package org.webjars.npm:parse-url

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory