WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-3799 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

Description

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

Remediation

References

https://pivotal.io/security/cve-2019-3799

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-48218 Vulnerability in npm package strapi-plugin-protected-populate

CVE-2018-17186 Vulnerability in maven package org.apache.syncope.client:syncope-client-console

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-api

CVE-2020-2232 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2021-39171 Vulnerability in npm package passport-saml

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Patch Third Party Advisory