Path Traversal in Spring Cloud Config

CVE-2019-3799

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.914 (99.7th percentile)

Frequently asked questions

What is CVE-2019-3799?
CVE-2019-3799 is a vulnerability in Spring Cloud Config, classified under Path Traversal. It was published on 2019-05-06.

Is CVE-2019-3799 known to be exploited?
55 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.