Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

https://jira.spring.io/browse/SPR-12354

http://www.pivotal.io/security/cve-2014-3625

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2021-21174 Vulnerability in npm package electron

CVE-2020-6532 Vulnerability in npm package electron

CVE-2020-5219 Vulnerability in maven package org.webjars.npm:angular-expressions

CVE-2020-7598 Vulnerability in maven package org.webjars.npm:minimist

CVE-2022-45390 Vulnerability in maven package io.loader:loaderio-jenkins-plugin

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory