CVE-2016-9878 – org.springframework:spring-webmvc
Package
Manager: maven
Name: org.springframework:spring-webmvc
Vulnerable Version: >=0 <3.2.18 || >=4.2.0 <4.2.9 || >=4.3.0 <4.3.5
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.04927 (percentile: 0.89214)
Details
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and, as a result, exposed to directory traversal attacks.
Metadata
Created: 2018-10-04T20:29:55Z
Modified: 2024-03-05T17:45:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-2m8h-fgr8-2q9w/GHSA-2m8h-fgr8-2q9w.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-2m8h-fgr8-2q9w
Finding: F063
Auto approve: 1