ghsa-2m8h-fgr8-2q9w
Vulnerability from github
Published
2018-10-04 20:29
Modified
2024-03-05 17:45
Severity
Summary
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
Details
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
{
  "affected": [
    {
      "package": { "ecosystem": "Maven", "name": "org.springframework:spring-webmvc" },
      "ranges": [
        { "events": [ { "introduced": "0" }, { "fixed": "3.2.18" } ], "type": "ECOSYSTEM" }
      ]
    },
    {
      "package": { "ecosystem": "Maven", "name": "org.springframework:spring-webmvc" },
      "ranges": [
        { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.9" } ], "type": "ECOSYSTEM" }
      ]
    },
    {
      "package": { "ecosystem": "Maven", "name": "org.springframework:spring-webmvc" },
      "ranges": [
        { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.5" } ], "type": "ECOSYSTEM" }
      ]
    }
  ],
  "aliases": [ "CVE-2016-9878" ],
  "database_specific": {
    "cwe_ids": [ "CWE-22" ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:31Z",
    "nvd_published_at": "2016-12-29T09:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.",
  "id": "GHSA-2m8h-fgr8-2q9w",
  "modified": "2024-03-05T17:45:42Z",
  "published": "2018-10-04T20:29:55Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878" },
    { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/issues/19513" },
    { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98" },
    { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0" },
    { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad" },
    { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3115" },
    { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-2m8h-fgr8-2q9w" },
    { "type": "PACKAGE", "url": "https://github.com/spring-projects/spring-framework" },
    { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html" },
    { "type": "WEB", "url": "https://pivotal.io/security/cve-2016-9878" },
    { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20180419-0002" },
    { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" },
    { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" },
    { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" },
    { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" },
    { "type": "WEB", "url": "http://www.securityfocus.com/bid/95072" },
    { "type": "WEB", "url": "http://www.securitytracker.com/id/1040698" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }
  ],
  "summary": "Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized"
}