CVE-2014-3625
published 2014-11-20CVE-2014-3625: Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote…
medium5CVSS 3.1
AVNACLAuNCPINAN
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspring-java | < libspring-java 3.2.13-1 (bookworm) | libspring-java 3.2.13-1 (bookworm) |
| pivotal_software | spring_framework | 3.1.0 – 3.1.4 | — |
| pivotal_software | spring_framework | >= 3.2.0 < 3.2.12 | 3.2.12 |
| pivotal_software | spring_framework | >= 4.0.0 < 4.0.8 | 4.0.8 |
| pivotal_software | spring_framework | >= 4.1.0 < 4.1.2 | 4.1.2 |
| vmware | spring_framework | 3.0.4 – 3.0.7 | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv8.8HIGH