Spring Framework: Attackers can view files

Updates close vulnerabilities in Spring Framework. Support has expired for some versions and patches are no longer available for all users.


Software developers who work with Spring Framework should update the development environment for security reasons. Otherwise, attackers can exploit two security vulnerabilities and attack systems.

In a security advisory, the developers list two vulnerabilities (CVE-2024-38819, rated "high", and CVE-2024-38820, rated "medium"). They state that both have been closed in version 6.1.14. According to a support article, support for Spring Framework 5.3.x and 6.0.x expired in August of this year; the commercial releases 5.3.41 and 6.0.25 do, however, contain the fix.

Spring Boot is secured in versions 2.7.22.2, 3.0.17.2 and 3.1.13.2.


If attackers successfully exploit the vulnerabilities, they can, among other things, read arbitrary files on affected systems by means of specially crafted HTTP requests. So far there have been no reports of attacks in the wild.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.