Arbitrary file upload in Osamataher Java-springboot-codebase
CVE-2024-52302
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-pict…
Vulnerability class: Unrestricted File Upload
EPSS: 0.032 (86.7th percentile)
Affected products
- Osamataher Java-springboot-codebase — versions < 204402bb8b68030c14911379ddc82cfff00b8538
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2024-52302?
  - CVE-2024-52302 is a vulnerability in Osamataher Java-springboot-codebase, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-11-14.
- Is CVE-2024-52302 known to be exploited?
  - 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.