Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oaG00LWh3cTYtM2M2d83o4g

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Permalink: https://github.com/advisories/GHSA-hhm4-hwq6-3c6w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oaG00LWh3cTYtM2M2d83o4g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 2 months ago

Identifiers: GHSA-hhm4-hwq6-3c6w, CVE-2014-3625
References:

Repository: https://github.com/spring-projects/spring-framework
Blast Radius: 0.0

Affected Packages

maven:org.springframework:spring-webmvc

Dependent packages: 4,621
Dependent repositories: 227,195
Downloads:
Affected Version Ranges: >= 4.1.0, < 4.1.2, >= 4.0.0, < 4.0.8, >= 3.0.4, < 3.2.12
Fixed in: 4.1.2, 4.0.8, 3.2.12
All affected versions:
All unaffected versions: 1.0.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.30, 5.3.31, 5.3.32, 5.3.33, 5.3.34, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6