mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #65
Closed mend-bolt-for-github[bot] closed 3 years ago
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #65
CVE-2014-3578 - Medium Severity Vulnerability
Spring Framework Parent
Path to dependency file: struts-2.3.20/plugins/spring/pom.xml
Path to vulnerable library: canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar,canner/.m2/repository/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar
Dependency Hierarchy: - :x: **spring-core-3.0.5.RELEASE.jar** (Vulnerable Library)
Found in HEAD commit: 1d3a9da2b49a075b9122e05e19a483fc66b5aaf4
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Publish Date: 2015-02-19
URL: CVE-2014-3578
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3578
Release Date: 2015-02-19
Fix Resolution: 3.2.9,4.0.5