Arbitrary file upload in Osamataher Java-springboot-codebase

CVE-2024-52302

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-pict…

Vulnerability class: Unrestricted File Upload

EPSS: 0.032 (86.7th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-52302?
CVE-2024-52302 is a vulnerability in Osamataher Java-springboot-codebase, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-11-14.

Is CVE-2024-52302 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.