CVE-2024-38819

HIGH NUCLEI

Spring WebMvc.fn and WebFlux.fn 6.1.0-6.1.13 - Path Traversal via Static Resource Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2024-38819. PoCs published by iSee857, masa42, JAckLosingHeart. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for multiple CVEs, including CVE-2026-22812, which demonstrates command execution via a session-based shell endpoint. The code is well-structured, includes error handling, and provides both single and batch detection capabilities.

Description

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Exploits (6)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/SpringFramework(CVE-2024-38819).py

The repository contains functional exploit code for multiple CVEs, including CVE-2026-22812, which demonstrates command execution via a session-based shell endpoint. The code is well-structured, includes error handling, and provides both single and batch detection capabilities.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenCode (CVE-2026-22812), Altenergy (CVE-2024-11305), and others
No auth needed
Prerequisites: Network access to the target · Target service running and accessible
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 38 stars
by masa42 · poc
https://github.com/masa42/CVE-2024-38819-POC

This repository contains a functional proof-of-concept for CVE-2024-38819, demonstrating a path traversal vulnerability in Spring Framework 6.1.13. The exploit leverages percent-encoded directory traversal sequences through a symbolic link to access sensitive files like /etc/passwd.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Spring Framework 6.1.13 (Spring Boot 3.3.4)
No auth needed
Prerequisites: Docker · Spring Boot application with vulnerable static file routing configuration
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC 5 stars
by JAckLosingHeart · javapoc
https://github.com/JAckLosingHeart/CVE-PoC-Collection/tree/main/spring-CVE-2024-38819

This repository contains functional exploit code for multiple CVEs, primarily targeting Java-based vulnerabilities. The PoCs include deserialization attacks, RCE via LDAP/JNDI, and other offensive techniques, with clear examples of exploit chains.

Classification
Working Poc 95%
Attack Type
Rce | Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Apache Commons Text, Dubbo, Fastjson, Jackson, Log4j, MySQL, Shiro
No auth needed
Prerequisites: Java runtime environment · vulnerable versions of target software · network access to target
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 3 stars
by GhostS3c · poc
https://github.com/GhostS3c/CVE-2024-38819

This YAML file contains a functional exploit for CVE-2024-38819, demonstrating a path traversal vulnerability in Spring Boot 3.3.4. It sends a crafted HTTP request to access sensitive files (e.g., /etc/passwd) and verifies the response for successful exploitation.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Spring Boot 3.3.4 (Spring Framework 6.1.13)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by vishalnoza · poc
https://github.com/vishalnoza/CVE-2024-38819-POC2

This repository contains a functional proof-of-concept for CVE-2024-38819, demonstrating a path traversal vulnerability in Spring Framework 6.1.13. The exploit leverages percent-encoded directory traversal sequences via a symbolic link to access arbitrary files on the system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Spring Framework 6.1.13 (Spring Boot 3.3.4)
No auth needed
Prerequisites: Docker environment · Network access to the vulnerable application
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WRITEUP
by skrkcb2 · poc
https://github.com/skrkcb2/cve-2024-38819

This repository provides a detailed technical analysis of CVE-2024-38819, a path traversal vulnerability in Spring WebFlux and WebMVC.fn. It explains the root cause in the `StringUtils.cleanPath()` function and demonstrates how attackers can bypass path validation to access arbitrary files.

Classification
Writeup 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Spring Framework WebFlux/WebMVC.fn (versions before fix)
No auth needed
Prerequisites: Spring WebFlux/WebMVC.fn application with static resource serving enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Spring Framework Path Traversal in Functional Web Frameworks
HIGHVERIFIEDby DhiyaneshDk
Shodan: http.favicon.hash:116323821

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.9351
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (3)
N/A/Spring Framework Spring Framework 5.3.0 - 5.3.40, 6.0.0 - 6.0.24, 6.1.0 - 6.1.13
org.springframework/spring-webflux 6.1.0 - 6.1.14Maven
org.springframework/spring-webmvc 6.1.0 - 6.1.14Maven
Published Dec 19, 2024
Tracked Since Feb 18, 2026