Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.pivotal.io/security/cve-2014-3625

https://jira.spring.io/browse/SPR-12354

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2017-12617 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-7642 Vulnerability in npm package lazysizes

CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-rpc

CVE-2022-47042 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2016-1000229 Vulnerability in maven package org.webjars.npm:swagger-ui

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory