Spring Boot common-user-management Remote Code Execution via Unrestricted File Upload
CVE-2024-52302 Published on November 14, 2024
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2024-52302 has been classified as an Unrestricted File Upload vulnerability or weakness.
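The advisory does not show the endpoint's source, so the following is an added, hypothetical Spring Boot handler (not code from the common-user-management project) illustrating the controls whose absence makes an upload endpoint like /api/v1/customer/profile-picture dangerous: a size limit, an extension allow-list, a magic-number and decode check so the client's filename and Content-Type header are never trusted, a server-generated file name, and storage in a directory (assumed here to be /var/app/uploads/profile-pictures) that is never served or executed by the application. The package name, directory, limits and error messages are assumptions.

```java
// Added example: hypothetical hardened profile-picture upload handler.
// Not the project's code; package, paths and limits are assumptions.
package example.upload;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

@RestController
@RequestMapping("/api/v1/customer")
public class ProfilePictureController {

    // Assumed storage location: outside the web root and not mapped to any
    // static-resource handler, so an uploaded file is never served or executed.
    private static final Path UPLOAD_DIR = Paths.get("/var/app/uploads/profile-pictures");
    private static final long MAX_BYTES = 2L * 1024 * 1024; // assumed 2 MiB limit
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg");

    // Leading bytes of PNG and JPEG files; checked instead of trusting the
    // client-supplied filename or Content-Type header.
    private static final byte[] PNG_MAGIC = {(byte) 0x89, 'P', 'N', 'G'};
    private static final byte[] JPEG_MAGIC = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};

    @PostMapping("/profile-picture")
    public ResponseEntity<String> upload(@RequestParam("file") MultipartFile file) throws IOException {
        if (file.isEmpty() || file.getSize() > MAX_BYTES) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("empty or oversized file");
        }

        // The original filename is used only to read the extension; it never
        // becomes part of the stored path.
        String original = file.getOriginalFilename() == null ? "" : file.getOriginalFilename();
        String ext = extensionOf(original);
        if (!ALLOWED_EXT.contains(ext)) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("unsupported file type");
        }

        byte[] data = file.getBytes();
        if (!hasAllowedMagic(data)) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("content is not an allowed image type");
        }

        // Re-decode the bytes as an image; anything ImageIO cannot parse is rejected.
        BufferedImage img = ImageIO.read(new ByteArrayInputStream(data));
        if (img == null) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("not a decodable image");
        }

        // Server-generated name with a vetted extension; defence in depth
        // confirms the resolved path still lies inside UPLOAD_DIR.
        String storedName = UUID.randomUUID() + "." + ext;
        Path target = UPLOAD_DIR.resolve(storedName).normalize();
        if (!target.startsWith(UPLOAD_DIR)) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("invalid storage path");
        }
        Files.createDirectories(UPLOAD_DIR);
        Files.write(target, data);
        return ResponseEntity.ok(storedName);
    }

    // Lower-cased extension after the last dot, or "" when there is none.
    static String extensionOf(String name) {
        int dot = name.lastIndexOf('.');
        if (dot < 0 || dot == name.length() - 1) {
            return "";
        }
        return name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    static boolean hasAllowedMagic(byte[] data) {
        return startsWith(data, PNG_MAGIC) || startsWith(data, JPEG_MAGIC);
    }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        return data.length >= prefix.length
                && Arrays.equals(Arrays.copyOf(data, prefix.length), prefix);
    }
}
```

Each check targets one way the weakness on this page is exploited: the size limit bounds resource use, the extension allow-list plus magic-number and decode checks stop non-image content from being accepted, and the random server-side name in a non-served directory means that even a file which slips through cannot be reached or executed by path.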
Products Associated with CVE-2024-52302
Pivotal Software Spring Boot
Affected Versions
OsamaTaher Java-springboot-codebase Version < 204402bb8b68030c14911379ddc82cfff00b8538 is affected by CVE-2024-52302
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.