common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. The application endpoint /api/v1/customer/profile-picture contains a critical security vulnerability: it accepts file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52302.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-434"
]
}[
{
"signature_type": "Function",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-04c06b1a",
"digest": {
"length": 489.0,
"function_hash": "148674837612224022599096013489301469285"
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/customer/service/impl/CustomerServiceImpl.java",
"function": "updateProfilePicture"
}
},
{
"signature_type": "Function",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-2a7b250f",
"digest": {
"length": 270.0,
"function_hash": "298017241573897478027626145853007761763"
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java",
"function": "saveChunkToFile"
}
},
{
"signature_type": "Function",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-35c7e326",
"digest": {
"length": 718.0,
"function_hash": "125719891259932584725505153198930026827"
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java",
"function": "store"
}
},
{
"signature_type": "Line",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-36da2b65",
"digest": {
"line_hashes": [
"216406852106420074881875505793867279600",
"235070885051743762626331354455638350193",
"179859268234639628746423383091063660475",
"126233568952779006664801554634037918812",
"213044057240988274555562069984810821198",
"262830245869852552121535987716095762769",
"171901921885154778759067106620465062655",
"240993458169036818674126314684905193434"
],
"threshold": 0.9
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/util/OperationStatus.java"
}
},
{
"signature_type": "Line",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-485978be",
"digest": {
"line_hashes": [
"31622795325034364783770959797437715460",
"199540857809572365070862991370056266896",
"136408466530758535007274762263870916624",
"79810396878062312020437740110328437489",
"287443206460645749279285747482505886072",
"152042604302047972818463833396498838519",
"120843350184793852865342725994611467859",
"42092937024099766542375186157938832530",
"21761728762670263191397286708365602261",
"285384877972160901537602152038832043691",
"314404237327232770158717500990348587734",
"216723370878319428480251318866246101742",
"210557431922474615018969972786763560945",
"291915389356958481303557675035373602700",
"335954659789233134685968754852844042223",
"300425146573470779135792300313722960374",
"186261045890513541052746137487091944351",
"255441041392741901862835619721733019097",
"203259646686117650855243821082846489312",
"315506748234744242291872403812852521631",
"147628338285408854454867274807501499774",
"166233984682501299748224367053953647664",
"184570549768472569634097433290842759357",
"11210253551259503066418316610011771057",
"72551770110809854268238536870215931129",
"303113496886320307239391140859323743932",
"63889751522732534050040182870235431587",
"288264118975491782119564418054014555750",
"147818486003163639674917558919381743711",
"329247387442293351965913447392315548157",
"93201646056831049678197418074882901684",
"108654598044178431043433722840159076674",
"57462598979178151281129960340794805790",
"51529773371374140491508180038001768822",
"33563672238460129185074670979326785039",
"79184202036415983377710489013980488926",
"322648591071611378295533775769567857365",
"162497551885118486973176688081542419662",
"268323205414533032545303952179844656190",
"204785526064591049550320561014787836488",
"238797248519208424809374423140934660489"
],
"threshold": 0.9
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java"
}
},
{
"signature_type": "Function",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-5eedace0",
"digest": {
"length": 273.0,
"function_hash": "9194877864284865801958603021987294122"
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java",
"function": "loadAll"
}
},
{
"signature_type": "Line",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-76acb29d",
"digest": {
"line_hashes": [
"303916833095483188842705291826916876376",
"193188419362320221271569161519888616583",
"42872085590159831168511873323027278092",
"8699395713029848403213445820429281192"
],
"threshold": 0.9
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/customer/service/impl/CustomerServiceImpl.java"
}
},
{
"signature_type": "Function",
"source": "https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-52302-f455be4f",
"digest": {
"length": 6401.0,
"function_hash": "205190781782243530820259574205607139588"
},
"target": {
"file": "spring boot/common-user-management/src/main/java/common/management/common/util/OperationStatus.java",
"function": "handle"
}
}
]