Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.pivotal.io/security/cve-2014-3625

https://jira.spring.io/browse/SPR-12354

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2019-10746 Vulnerability in maven package org.webjars.npm:mixin-deep

CVE-2020-7754 Vulnerability in npm package npm-user-validate

CVE-2018-11695 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard-impl

CVE-2014-10064 Vulnerability in maven package org.webjars.bower:qs

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory