Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by OsamaTaher
CVE-2025-46822 (GCVE-0-2025-46822)
Vulnerability from cvelistv5 – Published: 2025-05-21 17:23 – Updated: 2025-05-21 19:25
VLAI
Title
Unauthenticated Arbitrary File Read via Absolute Path
Summary
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_CONFIRM |
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Affected:
< c835c6f7799eacada4c0fc77e0816f250af01ad2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46822",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:24:57.230980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:25:00.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T17:23:37.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
],
"source": {
"advisory": "GHSA-q6mm-cm37-w637",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Arbitrary File Read via Absolute Path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46822",
"datePublished": "2025-05-21T17:23:37.087Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-05-21T19:25:00.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52302 (GCVE-0-2024-52302)
Vulnerability from cvelistv5 – Published: 2024-11-14 15:26 – Updated: 2024-11-14 15:57
VLAI
Title
common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
Summary
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_CONFIRM |
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Affected:
< 204402bb8b68030c14911379ddc82cfff00b8538
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:56:42.892102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:57:49.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c 204402bb8b68030c14911379ddc82cfff00b8538"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:26:49.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538"
}
],
"source": {
"advisory": "GHSA-rhcq-44g3-5xcx",
"discovery": "UNKNOWN"
},
"title": "common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52302",
"datePublished": "2024-11-14T15:26:49.407Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-11-14T15:57:49.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46822 (GCVE-0-2025-46822)
Vulnerability from nvd – Published: 2025-05-21 17:23 – Updated: 2025-05-21 19:25
VLAI
Title
Unauthenticated Arbitrary File Read via Absolute Path
Summary
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_CONFIRM |
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Affected:
< c835c6f7799eacada4c0fc77e0816f250af01ad2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46822",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:24:57.230980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:25:00.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T17:23:37.087Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2"
}
],
"source": {
"advisory": "GHSA-q6mm-cm37-w637",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Arbitrary File Read via Absolute Path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46822",
"datePublished": "2025-05-21T17:23:37.087Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-05-21T19:25:00.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52302 (GCVE-0-2024-52302)
Vulnerability from nvd – Published: 2024-11-14 15:26 – Updated: 2024-11-14 15:57
VLAI
Title
common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
Summary
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_CONFIRM |
| https://github.com/OsamaTaher/Java-springboot-cod… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OsamaTaher | Java-springboot-codebase |
Affected:
< 204402bb8b68030c14911379ddc82cfff00b8538
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:56:42.892102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:57:49.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java-springboot-codebase",
"vendor": "OsamaTaher",
"versions": [
{
"status": "affected",
"version": "\u003c 204402bb8b68030c14911379ddc82cfff00b8538"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE)."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:26:49.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx"
},
{
"name": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538"
}
],
"source": {
"advisory": "GHSA-rhcq-44g3-5xcx",
"discovery": "UNKNOWN"
},
"title": "common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52302",
"datePublished": "2024-11-14T15:26:49.407Z",
"dateReserved": "2024-11-06T19:00:26.396Z",
"dateUpdated": "2024-11-14T15:57:49.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}