Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.pivotal.io/security/cve-2014-3625

https://jira.spring.io/browse/SPR-12354

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

Related Vulnerabilities

CVE-2019-15658 Vulnerability in npm package connect-pg-simple

CVE-2022-24827 Vulnerability in maven package com.yahoo.elide:elide-datastore-aggregation

CVE-2019-9843 Vulnerability in maven package com.diffplug.spotless:spotless-plugin-gradle

CVE-2020-2225 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

CVE-2013-5960 Vulnerability in maven package org.owasp.esapi:esapi

Severity

Critical

Classification

CWE-22

Tags

Third Party Advisory Vendor Advisory