{"id":"CVE-2024-52302","summary":"common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)","details":"common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).","aliases":["GHSA-rhcq-44g3-5xcx"],"modified":"2026-04-12T09:10:30.745884Z","published":"2024-11-14T15:26:49.407Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52302.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-434"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52302.json"},{"type":"ADVISORY","url":"https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52302"},{"type":"FIX","url":"https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/osamataher/java-springboot-codebase","events":[{"introduced":"0"},{"fixed":"204402bb8b68030c14911379ddc82cfff00b8538"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52302.json","vanir_signatures":[{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-04c06b1a","signature_version":"v1","deprecated":false,"digest":{"length":489,"function_hash":"148674837612224022599096013489301469285"},"signature_type":"Function","target":{"file":"spring boot/common-user-management/src/main/java/common/management/customer/service/impl/CustomerServiceImpl.java","function":"updateProfilePicture"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-2a7b250f","signature_version":"v1","deprecated":false,"digest":{"length":270,"function_hash":"298017241573897478027626145853007761763"},"signature_type":"Function","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java","function":"saveChunkToFile"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-35c7e326","signature_version":"v1","deprecated":false,"digest":{"length":718,"function_hash":"125719891259932584725505153198930026827"},"signature_type":"Function","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java","function":"store"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-36da2b65","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["216406852106420074881875505793867279600","235070885051743762626331354455638350193","179859268234639628746423383091063660475","126233568952779006664801554634037918812","213044057240988274555562069984810821198","262830245869852552121535987716095762769","171901921885154778759067106620465062655","240993458169036818674126314684905193434"]},"signature_type":"Line","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/util/OperationStatus.java"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-485978be","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["31622795325034364783770959797437715460","199540857809572365070862991370056266896","136408466530758535007274762263870916624","79810396878062312020437740110328437489","287443206460645749279285747482505886072","152042604302047972818463833396498838519","120843350184793852865342725994611467859","42092937024099766542375186157938832530","21761728762670263191397286708365602261","285384877972160901537602152038832043691","314404237327232770158717500990348587734","216723370878319428480251318866246101742","210557431922474615018969972786763560945","291915389356958481303557675035373602700","335954659789233134685968754852844042223","300425146573470779135792300313722960374","186261045890513541052746137487091944351","255441041392741901862835619721733019097","203259646686117650855243821082846489312","315506748234744242291872403812852521631","147628338285408854454867274807501499774","166233984682501299748224367053953647664","184570549768472569634097433290842759357","11210253551259503066418316610011771057","72551770110809854268238536870215931129","303113496886320307239391140859323743932","63889751522732534050040182870235431587","288264118975491782119564418054014555750","147818486003163639674917558919381743711","329247387442293351965913447392315548157","93201646056831049678197418074882901684","108654598044178431043433722840159076674","57462598979178151281129960340794805790","51529773371374140491508180038001768822","33563672238460129185074670979326785039","79184202036415983377710489013980488926","322648591071611378295533775769567857365","162497551885118486973176688081542419662","268323205414533032545303952179844656190","204785526064591049550320561014787836488","238797248519208424809374423140934660489"]},"signature_type":"Line","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-5eedace0","signature_version":"v1","deprecated":false,"digest":{"length":273,"function_hash":"9194877864284865801958603021987294122"},"signature_type":"Function","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/service/impl/FileSystemStorageService.java","function":"loadAll"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-76acb29d","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["303916833095483188842705291826916876376","193188419362320221271569161519888616583","42872085590159831168511873323027278092","8699395713029848403213445820429281192"]},"signature_type":"Line","target":{"file":"spring boot/common-user-management/src/main/java/common/management/customer/service/impl/CustomerServiceImpl.java"}},{"source":"https://github.com/osamataher/java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538","id":"CVE-2024-52302-f455be4f","signature_version":"v1","deprecated":false,"digest":{"length":6401,"function_hash":"205190781782243530820259574205607139588"},"signature_type":"Function","target":{"file":"spring boot/common-user-management/src/main/java/common/management/common/util/OperationStatus.java","function":"handle"}}],"vanir_signatures_modified":"2026-04-12T09:10:30Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}