CVE-2014-3625 – org.springframework:spring-webmvc

Package

Manager: maven
Name: org.springframework:spring-webmvc
Vulnerable Version: >=3.0.4 <3.2.12 || >=4.0.0 <4.0.8 || >=4.1.0 <4.1.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.23174 pctl0.9572

Details

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Metadata

Created: 2022-05-13T01:02:39Z
Modified: 2024-03-05T18:38:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhm4-hwq6-3c6w/GHSA-hhm4-hwq6-3c6w.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-hhm4-hwq6-3c6w
Finding: F063
Auto approve: 1