GHSA-hhm4-hwq6-3c6w

Source

https://github.com/advisories/GHSA-hhm4-hwq6-3c6w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhm4-hwq6-3c6w/GHSA-hhm4-hwq6-3c6w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hhm4-hwq6-3c6w

Aliases

CVE-2014-3625

Published

2022-05-13T01:02:39Z

Modified

2024-12-03T06:07:56.532259Z

Summary

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Details

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Database specific

{
    "nvd_published_at": "2014-11-20T17:50:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:37:37Z"
}

References

Affected packages

Maven / org.springframework:spring-webmvc

Package

Name: org.springframework:spring-webmvc; View open source insights on deps.dev
Purl: pkg:maven/org.springframework/spring-webmvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.4

Fixed

3.2.12

Affected versions

3.*

3.0.4.RELEASE

3.0.5.RELEASE

3.0.6.RELEASE

3.0.7.RELEASE

3.1.0.RELEASE

3.1.1.RELEASE

3.1.2.RELEASE

3.1.3.RELEASE

3.1.4.RELEASE

3.2.0.RELEASE

3.2.1.RELEASE

3.2.2.RELEASE

3.2.3.RELEASE

3.2.4.RELEASE

3.2.5.RELEASE

3.2.6.RELEASE

3.2.7.RELEASE

3.2.8.RELEASE

3.2.9.RELEASE

3.2.10.RELEASE

3.2.11.RELEASE

Maven / org.springframework:spring-webmvc

Package

Name: org.springframework:spring-webmvc; View open source insights on deps.dev
Purl: pkg:maven/org.springframework/spring-webmvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.8

Affected versions

4.*

4.0.0.RELEASE

4.0.1.RELEASE

4.0.2.RELEASE

4.0.3.RELEASE

4.0.4.RELEASE

4.0.5.RELEASE

4.0.6.RELEASE

4.0.7.RELEASE

Maven / org.springframework:spring-webmvc

Package

Name: org.springframework:spring-webmvc; View open source insights on deps.dev
Purl: pkg:maven/org.springframework/spring-webmvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.2

Affected versions

4.*

4.1.0.RELEASE

4.1.1.RELEASE