Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

GHSA-hhm4-hwq6-3c6w · CVE-2014-3625

Published May 13, 2022 · Modified Dec 3, 2024

Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3625
WEB https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
WEB https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
WEB https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
WEB https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
PACKAGE https://github.com/spring-projects/spring-framework
WEB https://jira.spring.io/browse/SPR-12354
WEB https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
WEB http://rhn.redhat.com/errata/RHSA-2015-0236.html
WEB http://rhn.redhat.com/errata/RHSA-2015-0720.html
WEB http://www.pivotal.io/security/cve-2014-3625

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes