[ https://issues.apache.org/jira/browse/ATLAS-4926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Disha Talreja updated ATLAS-4926:
---------------------------------
Summary: Upgrade Spring-webmvc and Spring-webflux to 6.1.14 (was: Upgrade
Spring-webmvc and Spring-webflux to 6.1.14 due to CVE-2024-38819)
> Upgrade Spring-webmvc and Spring-webflux to 6.1.14
> --------------------------------------------------
>
> Key: ATLAS-4926
> URL: https://issues.apache.org/jira/browse/ATLAS-4926
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Disha Talreja
> Assignee: Disha Talreja
> Priority: Major
> Fix For: 2.4.0
>
> Attachments: ATLAS-4926.patch
>
>
> CVE-2024-38819 - Applications serving static resources through the functional
> web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal
> attacks. An attacker can craft malicious HTTP requests and obtain any file on
> the file system that is also accessible to the process in which the Spring
> application is running.
> This is similar to CVE-2024-38816, but with different input.
> [https://spring.io/security/cve-2024-38819]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)