CVE-2024-38819

Published Dec 19, 2024

Last updated 2 months ago

Overview

Description
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Source: security@vmware.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security@vmware.com
CWE-22

Social media

Hype score
Not currently trending
  1. #exploit 1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE https://t.co/7QRChKDd85 2. CVE-2024-38819: https://t.co/kYUpa7vaE7 3. CVE-2024-24942: Path traversal in SwaggerUI-java within JetBrains TeamCity https://t.co/XfznvrBobf

    @VIPER92929

    24 Dec 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE https://t.co/BsuXNETOpB 2. CVE-2024-38819: https://t.co/ZRhIuNrI2E 3. CVE-2024-24942: Path traversal in SwaggerUI-java within JetBrains TeamCity https://t.co/lfsjbGMLsf

    @ksg93rd

    22 Dec 2024

    307 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. A new vulnerability with the identifier (CVE-2024-38819), of the path traversal type, has been published for the spring framework. Using this vulnerability, hackers can read various files. Version 6.1.13 of this framework has this vulnerability. https://t.co/Poz3aKY03t https://t.co/f7

    @AmirHossein_sec

    21 Dec 2024

    139 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Framework vulnerability: a new vulnerability with the identifier (CVE-2024-38819), of the path traversal type, has been published for the spring framework. Using this vulnerability, hackers can read various files and gain access to files such as the passwd file.

    @cybernetic_cy

    21 Dec 2024

    178 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-38819 Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft ma… https://t.co/AbdwAC7oQo

    @CVEnew

    19 Dec 2024

    419 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released https://t.co/zt8fQobYOe https://t.co/QITHKvz9N9

    @HackingTeam777

    16 Dec 2024

    976 Impressions

    7 Retweets

    22 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  7. Here's a Twitter post for the CVE-2024-38819 vulnerability in the Spring Framework: 🚨 Critical Spring Framework Vulnerability (CVE-2024-38819) 🚨 A path traversal vulnerability in Spring Framework allows attackers to access sensitive files on affected servers. PoC exploit now…

    @GHak2learn27752

    16 Dec 2024

    361 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. ⚠️⚠️ CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released 🔥PoC: https://t.co/hISD1eYo5X 🎯25k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/r89CoA1Nw9 FOFA Query:app="vmware-Spring-Framework" 🔖Refer:… https://t.co/t

    @fofabot

    16 Dec 2024

    7494 Impressions

    45 Retweets

    147 Likes

    83 Bookmarks

    0 Replies

    2 Quotes

  9. CVE-2024-38819: Path Traversal in Spring Framework, 7.5 rating❗️ Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC! Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/thILLfmE8Y #cybersecurity #vulnerability_map #spring https://t

    @Netlas_io

    16 Dec 2024

    76 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-38819 POC Spring path traversal vulnerability https://t.co/yHbf9eRQXc https://t.co/iAkGLlLd6z

    @gov_hack

    16 Dec 2024

    2270 Impressions

    5 Retweets

    26 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released https://t.co/0pxQwQ2MRY

    @Dinosn

    16 Dec 2024

    3207 Impressions

    14 Retweets

    40 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  12. GitHub - masa42/CVE-2024-38819-POC https://t.co/4Ug31MhF6e

    @hdH4dg8

    16 Dec 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-38819 : PoC for a path vulnerability in a working web framework https://t.co/isaWreutNb

    @freedomhack101

    15 Dec 2024

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. GitHub - masa42/CVE-2024-38819-POC https://t.co/JsQ1Gt9q0M

    @akaclandestine

    15 Dec 2024

    1573 Impressions

    5 Retweets

    15 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-38819: Proof of Concept (PoC) https://t.co/DFFqeAge9i

    @cyberkendra

    14 Dec 2024

    79 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. GitHub - masa42/CVE-2024-38819-POC - https://t.co/da8i3POPYM

    @piedpiper1616

    14 Dec 2024

    1259 Impressions

    6 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  17. Spring Framework vulnerability CVE-2024-38819 is fixed: path traversal with CVSS 7.5 https://t.co/GnZyK0hX81 #Aeye #PathTraversal #SpringFramework

    @iototsecnews

    28 Oct 2024

    123 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ⚠️⚠️ CVE-2024-38819: Path Traversal Risk in Web Apps Spring Framework Vulnerability 🎯22k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/pTLpgAh0HY FOFA Query: app="Spring-Framework" 🔖Refer:https://t.co/IqKhTRCh30 #OSINT #FOFA https:

    @fofabot

    21 Oct 2024

    701 Impressions

    5 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨Alert🚨 CVE-2024-38819: Path Traversal Risk in Spring Framework Web Apps 📊 31.9K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/wiRxP8PM5U 👇Query Hunter:/product.name="Spring Framework LocaleResolver" 📰Refer: https://t.co/qEtEttssXa… https

    @HunterMapping

    21 Oct 2024

    4189 Impressions

    27 Retweets

    80 Likes

    30 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨🚨Spring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps ⚠️The path traversal vulnerability arises when static resources are served through the functional web frameworks of Spring, WebMvc.fn and WebFlux.fn. By crafting malicious HTTP requests, attackers…

    @zoomeye_team

    20 Oct 2024

    2302 Impressions

    7 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  21. Spring framework fixes a High severity vulnerability CVE-2024-38819 #SpringFramework #CVE-2024-38819 https://t.co/1qIcFWwsxh

    @pravin_karthik

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Threat Alert: Spring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps CVE-2024-38819 CVE-2024-38816 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/h668fXpj06 #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    68 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Time to upgrade! Spring Framework fixes CVE-2024-38819 and CVE-2024-38820 https://t.co/8YzBORR8t1

    @snicoll

    4615 Impressions

    17 Retweets

    33 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  24. Spring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps Discover the potential security risks posed by CVE-2024-38819, a path traversal vulnerability in Spring Framework, and what it means for web app security https://t.co/shigDF7x6M

    @the_yellow_fall

    400 Impressions

    3 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  25. CVE-2024-38819: Path Traversal vulnerability in Spring Framework.. #PatchNOW #CyberSecurity #infosec #CyberAttack https://t.co/CgkvJK38tM

    @patchnow24x7

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  26. CVE-2024-38819: Path Traversal vulnerability in Spring Framework.. #PatchNOW #CyberSecurity #infosec #CyberAttack https://t.co/E4nEko31Cr

    @patchnow24x7

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  27. CVE-2024-38819: Path Traversal vulnerability in Spring Framework.. #PatchNOW Vulnerability Details: https://t.co/CCenT2VbLW #PatchNOW #VMWare #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach

    @patchnow24x7

    458 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    2 Quotes

  28. Spring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps https://t.co/YYviGS9H01

    @Dinosn

    3742 Impressions

    9 Retweets

    42 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  29. We have published CVE-2024-38819 and CVE-2024-38820, see https://t.co/6VFX1OJnGJ

    @springframework

    4672 Impressions

    17 Retweets

    30 Likes

    5 Bookmarks

    0 Replies

    0 Quotes