CVE-2019-3799

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3799
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3799.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3799
Aliases
Withdrawn
2024-05-08T06:50:30.613176Z
Published
2019-05-06T16:29:01Z
Modified
2023-11-28T17:45:41.388293Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

References

Affected packages

Git / github.com/spring-cloud/spring-cloud-config

Affected ranges

Type
GIT
Repo
https://github.com/spring-cloud/spring-cloud-config
Events

Affected versions

v1.*

v1.3.4.RELEASE
v1.4.0.RELEASE
v1.4.1.RELEASE
v1.4.2.RELEASE
v1.4.3.RELEASE
v1.4.4.RELEASE
v1.4.5.RELEASE