Description
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0236.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://www.pivotal.io/security/cve-2014-3625
https://jira.spring.io/browse/SPR-12354
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
Related Vulnerabilities
CVE-2019-10157 Vulnerability in npm package keycloak-connect
CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.12
CVE-2017-20162 Vulnerability in maven package org.webjars.npm:ms
CVE-2019-16148 Vulnerability in maven package org.sakaiproject:chat-base
CVE-2019-14262 Vulnerability in maven package com.drewnoakes:metadata-extractor