Disha Talreja created ATLAS-4926:
------------------------------------
Summary: Upgrade Spring-webmvc and Spring-webflux to 6.1.14 due to
CVE-2024-38819
Key: ATLAS-4926
URL: https://issues.apache.org/jira/browse/ATLAS-4926
Project: Atlas
Issue Type: Task
Components: atlas-core
Reporter: Disha Talreja
Assignee: Disha Talreja
Fix For: 2.4.0
CVE-2024-38819 - Applications serving static resources through the functional
web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal
attacks. An attacker can craft malicious HTTP requests and obtain any file on
the file system that is also accessible to the process in which the Spring
application is running.
This is similar to CVE-2024-38816, but with different input.
[https://spring.io/security/cve-2024-38819]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
