CVE-2024-52302

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Common Weakness Enumeration
References
https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538
https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx