Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0236.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://www.pivotal.io/security/cve-2014-3625
https://jira.spring.io/browse/SPR-12354
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
Related Vulnerabilities
CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2021-4307 Vulnerability in maven package org.webjars.bower:baobab
CVE-2017-16100 Vulnerability in npm package dns-sync
CVE-2020-12668 Vulnerability in maven package com.hubspot.jinjava:jinjava
CVE-2017-16118 Vulnerability in maven package org.webjars.npm:forwarded