logo

Database

Lack of data validation - Path Traversal In org.springframework:spring-core

Description

Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-98782. NVD-2016-98783. OSV-2016-98784. OSV-DEBIAN-2016-98785. GHSA-2m8h-fgr8-2q9w6. GCVE-2016-98787. access.redhat.com8. lists.debian.org9. PIVOTAL-cve-2016-987810. SECURITY-TRACKER-CVE-2016-9878

References

1. https://security.netapp.com/advisory/ntap-20180419-0002/2. https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html3. http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html4. http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html5. http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html6. http://www.securityfocus.com/bid/950727. http://www.securitytracker.com/id/10406988. https://github.com/spring-projects/spring-framework/issues/195139. https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a9810. https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d011. https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad12. https://pivotal.io/security/cve-2016-987813. https://security.netapp.com/advisory/ntap-20180419-0002

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.