WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-3799 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

Description

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

Remediation

References

https://pivotal.io/security/cve-2019-3799

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-31126 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2010-1157 Vulnerability in maven package tomcat:catalina

CVE-2022-25171 Vulnerability in npm package p4

CVE-2023-20866 Vulnerability in maven package org.springframework.session:spring-session-core

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory