{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T04:16:05.217","vulnerabilities":[{"cve":{"id":"CVE-2024-38819","sourceIdentifier":"security@vmware.com","published":"2024-12-19T18:15:10.557","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running."},{"lang":"es","value":"Las aplicaciones que ofrecen recursos estáticos a través de los marcos web funcionales WebMvc.fn o WebFlux.fn son vulnerables a ataques de path traversal. Un atacante puede manipular solicitudes HTTP maliciosas y obtener cualquier archivo del sistema de archivos al que también pueda acceder el proceso en el que se ejecuta la aplicación Spring."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://spring.io/security/cve-2024-38819","source":"security@vmware.com"},{"url":"https://security.netapp.com/advisory/ntap-20250110-0010/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}