admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 10:41:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Spring/CVE-2019-3799
History
tardc 321347a1b1 Update CVE-2019-3799
2020-07-23 11:17:11 +08:00
..
CVE-2019-3799_1.jpg
Add CVE-2019-3799
2020-07-17 14:31:00 +08:00
CVE-2019-3799_2.jpg
Add CVE-2019-3799
2020-07-17 14:31:00 +08:00
CVE-2019-3799_3.jpg
Add CVE-2019-3799
2020-07-17 14:31:00 +08:00
CVE-2019-3799_4.jpg
Add CVE-2019-3799
2020-07-17 14:31:00 +08:00
CVE-2019-3799.gif
Update CVE-2019-3799
2020-07-23 11:17:11 +08:00
README.md
Update CVE-2019-3799
2020-07-23 11:17:11 +08:00

README.md

CVE-2019-3799 Spring Cloud Config Server Directory Traversal

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

Affected Version: Spring Cloud Config 2.1.x - 2.1.2, 2.0.x - 2.0.4, 1.4.x - 1.4.6

FOFA query rule: app="SpringBoot"

Demo