Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.pivotal.io/security/cve-2014-3625

https://jira.spring.io/browse/SPR-12354

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2020-6449 Vulnerability in npm package electron

CVE-2020-4045 Vulnerability in npm package ssb-db

CVE-2023-37963 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator

CVE-2017-2652 Vulnerability in maven package org.jvnet.hudson.plugins:distfork

CVE-2017-7667 Vulnerability in maven package org.apache.nifi:nifi

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory