Vector4wang Spring Boot Quick Path Traversal Vulnerability in Img2Txt Component

Vulnerability

A critical path traversal vulnerability has been identified in the Vector4wang Spring Boot Quick project, specifically in the Img2Txt component, versions prior to 20250422. The issue arises in the Img2TxtController, within the ResponseEntity function, where improper handling of file paths allows for traversal attacks. This vulnerability can be exploited remotely, and has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for path traversal, which could lead to unauthorized file access on the server.

Reproduction

The vulnerability can be reproduced by sending a request that includes a crafted file path, exploiting the path traversal flaw in the Img2TxtController's ResponseEntity function. This can be done remotely, taking advantage of the improper validation of file paths to access restricted files on the server.
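A containment check of the kind that closes this class of flaw, given here as an added example and not code from the Spring Boot Quick project. The class name SafeFileResolver, the temporary base directory and the sample file names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper (not from Spring Boot Quick): resolves a client-supplied
// file name against a fixed base directory and rejects anything outside it.
public class SafeFileResolver {
    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Canonicalize once so later comparisons use the real location.
        this.baseDir = baseDir.toRealPath();
    }

    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        // normalize() collapses "." and ".." segments before the containment check;
        // an absolute argument replaces baseDir entirely and fails the check below.
        Path candidate = baseDir.resolve(requested).normalize();
        // Path.startsWith compares whole path elements, so "/base-evil" does not match "/base".
        if (!candidate.startsWith(baseDir) || candidate.equals(baseDir)) {
            throw new SecurityException("path not inside base directory");
        }
        // Resolve symlinks for existing files and re-check containment.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("img2txt-demo"); // constructed base directory
        Files.writeString(base.resolve("out.txt"), "ok");
        SafeFileResolver resolver = new SafeFileResolver(base);
        // Constructed inputs: one legitimate name, two that leave the base directory.
        for (String name : new String[] {"out.txt", "../outside.txt", "/etc/hostname"}) {
            try {
                System.out.println("allowed: " + resolver.resolve(name));
            } catch (SecurityException e) {
                System.out.println("rejected " + name + ": " + e.getMessage());
            }
        }
    }
}
```

A controller would call resolve() on the request parameter before opening the file and map SecurityException to a 400 response.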

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.