An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "3.2.0"
}
],
"vendor_product": "pivotal_software:spring_framework",
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:spring_framework:4.3.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.2.0"
},
{
"last_affected": "4.2.0"
},
{
"introduced": "4.3.0"
},
{
"last_affected": "4.3.0"
}
],
"vendor_product": "pivotal_software:spring_framework",
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:vmware:spring_framework:4.3.4:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.2.1"
},
{
"last_affected": "3.2.1"
},
{
"introduced": "3.2.2"
},
{
"last_affected": "3.2.2"
},
{
"introduced": "3.2.3"
},
{
"last_affected": "3.2.3"
},
{
"introduced": "3.2.4"
},
{
"last_affected": "3.2.4"
},
{
"introduced": "3.2.5"
},
{
"last_affected": "3.2.5"
},
{
"introduced": "3.2.6"
},
{
"last_affected": "3.2.6"
},
{
"introduced": "3.2.7"
},
{
"last_affected": "3.2.7"
},
{
"introduced": "3.2.8"
},
{
"last_affected": "3.2.8"
},
{
"introduced": "3.2.9"
},
{
"last_affected": "3.2.9"
},
{
"introduced": "3.2.10"
},
{
"last_affected": "3.2.10"
},
{
"introduced": "3.2.11"
},
{
"last_affected": "3.2.11"
},
{
"introduced": "3.2.12"
},
{
"last_affected": "3.2.12"
},
{
"introduced": "3.2.13"
},
{
"last_affected": "3.2.13"
},
{
"introduced": "3.2.14"
},
{
"last_affected": "3.2.14"
},
{
"introduced": "3.2.15"
},
{
"last_affected": "3.2.15"
},
{
"introduced": "3.2.16"
},
{
"last_affected": "3.2.16"
},
{
"introduced": "3.2.17"
},
{
"last_affected": "3.2.17"
},
{
"introduced": "4.2.1"
},
{
"last_affected": "4.2.1"
},
{
"introduced": "4.2.2"
},
{
"last_affected": "4.2.2"
},
{
"introduced": "4.2.3"
},
{
"last_affected": "4.2.3"
},
{
"introduced": "4.2.4"
},
{
"last_affected": "4.2.4"
},
{
"introduced": "4.2.5"
},
{
"last_affected": "4.2.5"
},
{
"introduced": "4.2.6"
},
{
"last_affected": "4.2.6"
},
{
"introduced": "4.2.7"
},
{
"last_affected": "4.2.7"
},
{
"introduced": "4.2.8"
},
{
"last_affected": "4.2.8"
},
{
"introduced": "4.3.1"
},
{
"last_affected": "4.3.1"
},
{
"introduced": "4.3.2"
},
{
"last_affected": "4.3.2"
},
{
"introduced": "4.3.3"
},
{
"last_affected": "4.3.3"
},
{
"introduced": "4.3.4"
},
{
"last_affected": "4.3.4"
}
],
"source": "CPE_STRING"
}