Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.pivotal.io/security/cve-2014-3625

https://jira.spring.io/browse/SPR-12354

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2021-4307 Vulnerability in maven package org.webjars.bower:baobab

CVE-2017-16100 Vulnerability in npm package dns-sync

CVE-2020-12668 Vulnerability in maven package com.hubspot.jinjava:jinjava

CVE-2017-16118 Vulnerability in maven package org.webjars.npm:forwarded

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory