Spring Product Security Update Advisory (CVE-2024-38816)

Sep 19 2024

Overview

An update has been released to address vulnerabilities in Spring Product. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-38816

Spring Framework versions: 5.3.0 (inclusive) ~ 5.3.39 (inclusive)
Spring Framework versions: 6.0.0 (inclusive) ~ 6.0.23 (inclusive)
Spring Framework versions: 6.1.0 (inclusive) ~ 6.1.12 (inclusive)

Resolved Vulnerabilities

Path traversal attack vulnerability in applications using WebMvc.fn or WebFlux.fn when a static resource is served by RouterFunctions and the resource is configured using FileSystemResource (CVE-2024-38816)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-38816

Spring Framework version: 5.3.40
Spring Framework version: 6.0.24
Spring Framework version: 6.1.13

Referenced Sites

[1] CVE-2024-38816 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-38816

[2] CVE-2024-38816: Path traversal vulnerability in functional web frameworks

https://spring.io/security/cve-2024-38816

Spring Product Security Update Advisory (CVE-2024-38816)

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory

Mozilla Products September 2024 1st Security Update Advisory

Tags:

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory

Mozilla Products September 2024 1st Security Update Advisory