CVE Details
Basic Information
| Title | hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal |
|---|---|
| Type | cve |
| Published | 2025-06-16T05:31:05.347Z |
| Last Seen |
Product Information
| Vendor | hansonwang99 |
|---|---|
| Product | Spring-Boot-In-Action |
| Version | 807fd37643aa774b94fd004cc3adbd29ca17e9aa |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical path traversal vulnerability was found in the Spring-Boot-In-Action project’s file upload component, specifically in the `watermarkTest` function of `ImageUploadService.java`. The vulnerability allows remote attackers to perform path traversal attacks by manipulating the `filename` argument. The exploit has been publicly disclosed and may be used in attacks. The product uses rolling releases, so specific affected and patched versions are not available. The vendor was contacted but did not respond. |
|---|---|
| AI Severity | Critical |
| Vendor | hansonwang99 |
| Product | Spring-Boot-In-Action |
| Affected Version | up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa |
Affected Products
- hansonwang99 Spring-Boot-In-Action 807fd37643aa774b94fd004cc3adbd29ca17e9aa
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family |
References
Description
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.