VMware · Spring Cloud Config · CVE-2026-40982
**Name of the Vulnerable Software and Affected Versions**
Spring Cloud Config versions 3.1.0 through 3.1.13
Spring Cloud Config versions 4.1.0 through 4.1.9
Spring Cloud Config versions 4.2.0 through 4.2.6
Spring Cloud Config versions 4.3.0 through 4.3.2
Spring Cloud Config versions 5.0.0 through 5.0.2
**Description**
The `spring-cloud-config-server` module allows applications to serve arbitrary text and binary files. A malicious user can send a request using a specially crafted URL to perform a directory traversal attack, which is a technique used to access files and directories stored outside the intended folder. Additionally, a GCP secret leak has been identified.
**Recommendations**
Upgrade versions 3.1.0 through 3.1.13 to 3.1.14 or greater.
Upgrade versions 4.1.0 through 4.1.9 to 4.1.10 or greater.
Upgrade versions 4.2.0 through 4.2.6 to 4.2.7 or greater.
Upgrade versions 4.3.0 through 4.3.2 to 4.3.3 or greater.
Upgrade versions 5.0.0 through 5.0.2 to 5.0.3 or greater.
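
To triage a build against the ranges above, the following added example (not code from the advisory or from the Spring project) scans `mvn dependency:list` output for the config server artifact and reports the first fixed version for each affected entry. It assumes the Maven coordinates `org.springframework.cloud:spring-cloud-config-server`; the names `classify` and `scan` and the sample listing are constructed for illustration.

```python
import re

# Affected ranges and first fixed versions, copied from the advisory.
AFFECTED = [
    ((3, 1, 0), (3, 1, 13), "3.1.14"),
    ((4, 1, 0), (4, 1, 9), "4.1.10"),
    ((4, 2, 0), (4, 2, 6), "4.2.7"),
    ((4, 3, 0), (4, 3, 2), "4.3.3"),
    ((5, 0, 0), (5, 0, 2), "5.0.3"),
]

# Matches group:artifact:type:version as printed by `mvn dependency:list`.
# Assumption: no classifier field; any qualifier after x.y.z is ignored.
COORD = re.compile(
    r"org\.springframework\.cloud:spring-cloud-config-server"
    r":[\w-]+:(\d+)\.(\d+)\.(\d+)"
)

def classify(version):
    """Return the first fixed version if the tuple is in an affected range, else None."""
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return fixed
    return None  # fixed already, or a release line this advisory does not list

def scan(dependency_listing):
    """Return [(version_string, fixed_version_or_None)] for each config-server entry."""
    findings = []
    for line in dependency_listing.splitlines():
        m = COORD.search(line)
        if m:
            version = tuple(int(part) for part in m.groups())
            findings.append((".".join(m.groups()), classify(version)))
    return findings

# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO]    org.springframework.boot:spring-boot-starter-web:jar:3.2.5:compile
[INFO]    org.springframework.cloud:spring-cloud-config-server:jar:4.1.3:compile
[INFO]    org.springframework.cloud:spring-cloud-config-client:jar:4.1.3:compile
[INFO]    org.springframework.cloud:spring-cloud-config-server:jar:4.2.7:compile
[INFO]    org.springframework.cloud:spring-cloud-config-server:jar:5.0.2:compile
"""

if __name__ == "__main__":
    for shown, fixed in scan(SAMPLE):
        status = f"AFFECTED, upgrade to {fixed} or greater" if fixed else "not in an affected range"
        print(f"spring-cloud-config-server {shown}: {status}")
```

A `None` result means only that the version falls outside the ranges listed here; release lines the advisory does not mention need to be checked separately.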