CVE-2024-38819

Path traversal vulnerability in functional web frameworks (2nd report)

FALSE POSITIVE

Rundeck and Runbook Automation are not vulnerable to this CVE.

CVE-2024-38819 is a path traversal vulnerability in the Spring Framework, which affects applications using specific mechanisms (WebMvc.fn or WebFlux.fn) to serve static resources. These mechanisms are not used in our application or by Grails by default. Our application relies on the basic Spring WebMvc resource handler for serving static files, which means we are not affected by this vulnerability.