[
https://issues.apache.org/jira/browse/ATLAS-4926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Disha Talreja updated ATLAS-4926:
---------------------------------
Description: (was: CVE-2024-38819 - Applications serving static
resources through the functional web frameworks WebMvc.fn or WebFlux.fn are
vulnerable to path traversal attacks. An attacker can craft malicious HTTP
requests and obtain any file on the file system that is also accessible to the
process in which the Spring application is running.
This is similar to CVE-2024-38816, but with different input.
[https://spring.io/security/cve-2024-38819] )
> Upgrade Spring-webmvc and Spring-webflux to 6.1.14
> --------------------------------------------------
>
> Key: ATLAS-4926
> URL: https://issues.apache.org/jira/browse/ATLAS-4926
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Disha Talreja
> Assignee: Disha Talreja
> Priority: Major
> Fix For: 2.4.0
>
> Attachments: ATLAS-4926.patch
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
