Spring Framework Vulnerability Let Attackers obtain Any Files from the System

A new vulnerability in the Spring Framework, known as CVE-2024-38816, potentially gives attackers access to any file on a system. The vulnerability affects applications that use the WebMvc.fn or WebFlux.fn in the Spring Framework and is classified as a high-risk path traversal vulnerability. Users of affected versions are advised to upgrade to a fixed version or use mitigation strategies like enabling Spring Security’s Firewall or using Tomcat or Jetty as a web server.