Lucene search
K

11 matches found

CVE
CVE
added 2026/04/29 11:35 a.m.41 views

CVE-2026-22745

The vulnerability is in the Spring Framework’s static resource resolution when serving file-system backed resources in Spring MVC/WebFlux apps on Windows. Affected component: org.springframework:spring-core. Under the conditions that the app uses Spring MVC or Spring WebFlux, serves static resour...

5.3CVSS5.4AI score0.00341EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/18 9:31 a.m.15 views

Spring Framework MVC Applications Path Traversal Vulnerability

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

5.9CVSS7.1AI score0.01916EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/13 1:2 a.m.32 views

GHSA-HHM4-HWQ6-3C6W Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS9.1AI score0.1005EPSS
Exploits5References11
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.37 views

Improper Limitation of a Pathname to a Restricted Directory in Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS8.8AI score0.1005EPSS
Exploits5References11Affected Software1
Debian
Debian
added 2019/07/13 9:20 p.m.244 views

[SECURITY] [DLA 1853-1] libspring-java security update

Package : libspring-java Version : 3.0.6.RELEASE-17+deb8u1 CVE ID : CVE-2014-3578 CVE-2014-3625 CVE-2015-3192 CVE-2015-5211 CVE-2016-9878 Debian Bug : 760733 769698 796137 849167 Vulnerabilities have been identified in libspring-java, a modular Java/J2EE application framework. CVE-2014-3578 A...

9.6CVSS7AI score0.1005EPSS
Exploits6
NVD
NVD
added 2014/11/20 5:50 p.m.22 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS9.1AI score0.1005EPSS
Exploits5References5
UbuntuCve
UbuntuCve
added 2014/11/20 5:50 p.m.36 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS7.2AI score0.1005EPSS
Exploits5References4
OSV
OSV
added 2014/11/20 5:50 p.m.4 views

UBUNTU-CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS7.3AI score0.1005EPSS
Exploits5References5
Cvelist
Cvelist
added 2014/11/20 5:0 p.m.28 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

9.2AI score0.1005EPSS
Exploits5References5
CVE
CVE
added 2014/11/20 5:0 p.m.123 views

CVE-2014-3625

CVE-2014-3625 is a directory traversal vulnerability in Spring Framework. Affected versions: 3.0.4–3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2. Description from sources: remote attackers could read arbitrary files via unspecified vectors related to static resource handling. Im...

5CVSS9AI score0.1005EPSS
Exploits5References5Affected Software2
Debian CVE
Debian CVE
added 2014/11/20 5:0 p.m.30 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5CVSS8.1AI score0.1005EPSS
Exploits5
Rows per page
Query Builder