vulnerability

Debian: CVE-2024-38819: libspring-java -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Dec 19, 2024

Added

May 15, 2025

Modified

Mar 30, 2026

Description

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Solution

no-fix-debian-deb-package

References

CVE-2024-38819
https://attackerkb.com/topics/CVE-2024-38819
CWE-22
EUVD-EUVD-2024-3583
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-3583

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report