CVE-2014-3578
published 2015-02-19CVE-2014-3578: Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a…
medium5CVSS 3.1
AVNACLAuNCPINAN
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspring-java | < libspring-java 3.2.13-1 (bookworm) | libspring-java 3.2.13-1 (bookworm) |
| pivotal_software | spring_framework | >= 3.2.0 < 3.2.9 | 3.2.9 |
| pivotal_software | spring_framework | >= 4.0.0 < 4.0.5 | 4.0.5 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv8.8HIGH