Recently, the Spring team exposed a directory traversal vulnerability in Spring Cloud Config in its latest security updates. The severity level of this vulnerability is rated as high officially. This vulnerability allows applications to serve arbitrary configuration files through the spring-cloud-config-server module. Attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.
Date Published:2019-04-20