Vulnerabilites related to OsamaTaher - Java-springboot-codebase
CVE-2024-52302 (GCVE-0-2024-52302)
Vulnerability from cvelistv5
Published
2024-11-14 15:26
Modified
2024-11-14 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Version: < 204402bb8b68030c14911379ddc82cfff00b8538 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:56:42.892102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:57:49.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c 204402bb8b68030c14911379ddc82cfff00b8538"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:26:49.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538"
}
],
"source": {
"advisory": "GHSA-rhcq-44g3-5xcx",
"discovery": "UNKNOWN"
},
"title": "common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52302",
"datePublished": "2024-11-14T15:26:49.407Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-11-14T15:57:49.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46822 (GCVE-0-2025-46822)
Vulnerability from cvelistv5
Published
2025-05-21 17:23
Modified
2025-05-21 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-36 - Absolute Path Traversal
Summary
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Version: < c835c6f7799eacada4c0fc77e0816f250af01ad2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46822",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:24:57.230980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:25:00.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T17:23:37.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
],
"source": {
"advisory": "GHSA-q6mm-cm37-w637",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Arbitrary File Read via Absolute Path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46822",
"datePublished": "2025-05-21T17:23:37.087Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-05-21T19:25:00.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}