CVERadar

CVE-2024-38819

High Severity
SVRS: 50/100
CVSSv3: 7.5/10
EPSS: 0.62708/1

CVE-2024-38819 is a path traversal vulnerability in Spring applications that use WebMvc.fn or WebFlux.fn to serve static resources. By crafting malicious HTTP requests, an attacker can read arbitrary files on the server's filesystem, including sensitive ones. Although the CVSS score is 7.5, SOCRadar's SVRS assigns a score of 50, indicating a moderate risk; however, the "In The Wild" tag and the availability of active exploits make addressing this vulnerability urgent. Update your Spring Framework immediately to mitigate potential data breaches and system compromise. The CVE is significant because it affects many applications built on the widely used Spring Framework.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2024-12-19

2025-01-10
SOCRadar
AI Insight

Description

CVE-2024-38819 is a recently discovered vulnerability with no publicly available description yet. While the CVSS score is currently 0, the SOCRadar Vulnerability Risk Score (SVRS) is 54, indicating a moderate level of risk. The SVRS incorporates various intelligence sources beyond traditional CVSS metrics, suggesting the vulnerability has been observed in the wild and actively exploited.

Key Insights

  1. Active Exploitation: Active exploits have been published for CVE-2024-38819, meaning attackers are already using this vulnerability to compromise systems. This highlights the immediate urgency for mitigation.

  2. Unknown Impact: The lack of a public description for CVE-2024-38819 makes it difficult to assess the full extent of its impact. This necessitates a proactive approach to identifying and mitigating the vulnerability.

  3. Potential Threat Actors: While no specific threat actors or APT groups have been publicly linked to this exploit, the availability of public exploits suggests a broader range of potential attackers could exploit this vulnerability.

  4. Limited Public Information: With limited public information available, organizations should rely on threat intelligence platforms like SOCRadar for real-time updates and analysis of CVE-2024-38819.

Mitigation Strategies

  1. Emergency Patching: Organizations must prioritize applying any available patches or updates related to CVE-2024-38819, even without complete vulnerability details. Patching is critical for preventing exploitation.

  2. Network Segmentation: Implement network segmentation strategies to isolate potentially vulnerable systems and limit the potential impact of successful attacks.

  3. Intrusion Detection and Prevention: Configure intrusion detection and prevention systems (IDS/IPS) to actively monitor for and block exploitation attempts related to CVE-2024-38819.

  4. Vulnerability Scanning: Conduct regular and thorough vulnerability scanning to identify systems affected by CVE-2024-38819 and prioritize patching efforts.

Additional Information

For further information regarding CVE-2024-38819, including any updates on threat actors, exploit status, or CISA warnings, utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

Type      Indicator                  Date
URL       https://www.sangfor.com    2025-01-06
IP        207.188.6.17               2025-01-06
HOSTNAME  go-sw6-02.adventos.de      2025-01-06
HOSTNAME  wizarr.manate.ch           2025-01-06
IP        45.146.164.141             2025-01-06
IP        108.11.30.103              2025-01-06
IP        138.124.186.221            2025-01-06

Exploits

Title                       Software Link                                   Date
masa42/CVE-2024-38819-POC   https://github.com/masa42/CVE-2024-38819-POC    2024-12-14

News

Adobe Security Update - Patch for Multiple Vulnerabilities Across Products - CybersecurityNews
google.com, 2025-04-09
Adobe has released a comprehensive set of security updates addressing multiple vulnerabilities across twelve of its products. The patches, all released on April 8, 2025, aim to resolve critical, important, and moderate security flaws that could potentially expose users to various cyber threats, including arbitrary code execution, privilege escalation, and application denial-of-service attacks. Significant Vulnerabilities Patched: Adobe ColdFusion (APSB25-15). ColdFusion's update resolves multiple vulnerabilities, including improper input validation (CVE-2025-24446), deserialization of untrusted data (CVE-2025-24447), and improper access control (CVE-2025
ISC StormCast for Monday, October 21st, 2024
Dr. Johannes B. Ullrich, sans.edu, 2024-10-21
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Lost MSFT 365 Logs; Broken Cloud Storage; ESET Branded Malware; Synology, Spring and Grafana Updates. Microsoft 365: Partially incomplete log data due to monitoring agent issue https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/ End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem https://brokencloudstorage.info/paper.pdf ESET Branded Malware
CVE-2024-38819 | Vmware Spring Framework up to 5.3.40/6.0.24/6.1.13 WebMvc.fn/WebFlux.fn path traversal (Nessus ID 209652)
vuldb.com, 2024-12-20
A vulnerability was found in Vmware Spring Framework up to 5.3.40/6.0.24/6.1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebMvc.fn/WebFlux.fn. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-38819. The attack may be launched
Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released
Balaji, gbhackers.com, 2024-12-18
A Proof of Concept (PoC) exploit for the critical path traversal vulnerability identified as CVE-2024-38819 in the Spring Framework has been released, shedding light on a serious security issue affecting applications that serve static resources via functional web frameworks. This vulnerability allows attackers to access unauthorized files on the server through carefully crafted HTTP requests. […]
CVE-2024-38819 | Vmware Spring Framework up to 5.3.40/6.0.24/6.1.13 WebMvc.fn/WebFlux.fn path traversal
vuldb.com, 2024-10-31
A vulnerability was found in Vmware Spring Framework up to 5.3.40/6.0.24/6.1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebMvc.fn/WebFlux.fn. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-38819. The attack may be launched remotely. There is
Spring Framework Vulnerability Leads to Data Leaks, Fix Now – - GridinSoft
google.com, 2024-10-22
Spring Framework has released an update that fixes the CVE-2024-38819 vulnerability, which potentially enables attackers to exploit HTTP requests for unauthorized file access. CVE-2024-38819 Overview: The Spring Framework team has issued a patch for security vulnerability CVE-2024-38819. This is a path traversal vulnerability in the widely used Spring Framework. It carries a CVSS score of 7.5 and affects applications serving static resources via the WebMvc.fn or WebFlux.fn functional web frameworks. In brief, this flaw enables attackers to craft malicious HTTP requests to
CVE-2024–38819: Path Transversal vulnerability in Spring Framework
Patch NOW !! (medium.com), 2024-10-18
Authentication is not required to exploit this flaw!! Continue reading on Medium »

Social Media

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released - https://t.co/N2nNozQLXj
CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released https://t.co/zt8fQobYOe https://t.co/QITHKvz9N9
GitHub - masa42/CVE-2024-38819-POC https://t.co/JsQ1Gt9q0M

Affected Software

No affected software found for this CVE

References

Reference                               Link
[email protected]                       https://spring.io/security/cve-2024-38819
AF854A3A-2127-422B-91AE-364DA2661108    https://security.netapp.com/advisory/ntap-20250110-0010/

CWE Details

CWE ID    CWE Name
CWE-22    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
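The CWE-22 condition above is what a reviewer checks for in any handler that maps a client-supplied path onto the filesystem: the path must be canonicalized first and then tested for containment within the intended root. The following is an added illustration written for this page, not code from Spring or from the advisory, and not the framework's patch; the only fix for CVE-2024-38819 itself is upgrading to the fixed releases named in the Spring advisory under References. It shows a WebMvc.fn handler that serves static files only after such a containment check. The root directory `/var/www/static`, the route pattern `/static/{*path}` and the method names are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.springframework.core.io.FileSystemResource;
import org.springframework.web.servlet.function.HandlerFunction;
import org.springframework.web.servlet.function.RouterFunction;
import org.springframework.web.servlet.function.RouterFunctions;
import org.springframework.web.servlet.function.ServerResponse;

public class SafeStaticResources {

    // Hypothetical static-files directory for this example; use the real deployment root.
    private static final Path ROOT = Paths.get("/var/www/static").toAbsolutePath().normalize();

    /**
     * Resolve a client-supplied path under the given root.
     * Returns null when the normalized result would lie outside the root,
     * which is exactly the CWE-22 condition described in the table above.
     */
    static Path resolveUnderRoot(Path root, String requestPath) {
        // Treat the client path as relative even when it begins with "/"; otherwise
        // root.resolve() would discard the root and use the client path as absolute.
        String relative = requestPath.startsWith("/") ? requestPath.substring(1) : requestPath;

        // Spring has already URL-decoded the path variable once. Anything that still
        // carries an encoded dot, separator or NUL has no legitimate use as a file name,
        // so it is rejected rather than decoded a second time.
        String lower = relative.toLowerCase();
        if (lower.indexOf('\0') >= 0 || lower.contains("%2e")
                || lower.contains("%2f") || lower.contains("%5c")) {
            return null;
        }

        try {
            // normalize() collapses "." and ".." segments lexically; startsWith() is
            // then a containment test on the canonical path, so "../../etc/passwd"
            // resolves to /etc/passwd and fails the check.
            Path candidate = root.resolve(relative).normalize();
            return candidate.startsWith(root) ? candidate : null;
        } catch (InvalidPathException e) {
            // Characters the filesystem cannot represent: treat as not found.
            return null;
        }
    }

    /** Handler that serves a regular file under ROOT, or 404 for anything else. */
    static HandlerFunction<ServerResponse> staticFileHandler() {
        return request -> {
            // "{*path}" captures the remainder of the URL after /static, already decoded.
            Path file = resolveUnderRoot(ROOT, request.pathVariable("path"));

            // Same 404 for "escaped the root" and "does not exist": the response gives
            // no hint about the filesystem layout outside the served directory.
            if (file == null || !Files.isRegularFile(file)) {
                return ServerResponse.notFound().build();
            }

            // Second guard for symlinks inside ROOT that point outside it: compare the
            // real (symlink-resolved) paths, not just the lexical ones.
            try {
                if (!file.toRealPath().startsWith(ROOT.toRealPath())) {
                    return ServerResponse.notFound().build();
                }
            } catch (IOException e) {
                return ServerResponse.notFound().build();
            }

            return ServerResponse.ok().body(new FileSystemResource(file));
        };
    }

    /** Functional route wiring the handler to /static/**. */
    static RouterFunction<ServerResponse> routes() {
        return RouterFunctions.route()
                .GET("/static/{*path}", staticFileHandler())
                .build();
    }
}
```

The two checks are deliberately separate: the lexical `normalize()` plus `startsWith()` test catches traversal sequences in the request itself, while the `toRealPath()` comparison catches a symlink that a legitimate-looking path inside the root leads out through. Returning the same 404 in every failure case keeps an attacker from distinguishing "blocked" from "absent" when probing the server.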
