Closed mend-bolt-for-github[bot] closed 11 months ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #58
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #58
CVE-2014-3578 - Medium Severity Vulnerability
Vulnerable Library - spring-core-3.2.8.RELEASE.jar
Spring Core
Library home page: https://github.com/SpringSource/spring-framework
Path to dependency file: /jetty-spring/pom.xml
Path to vulnerable library: /jetty-spring/pom.xml
Dependency Hierarchy: - spring-beans-3.2.8.RELEASE.jar (Root Library) - :x: **spring-core-3.2.8.RELEASE.jar** (Vulnerable Library)
Found in HEAD commit: b976400adf459c779b88fa83118b68aa39af14c7
Found in base branch: main
Vulnerability Details
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Publish Date: 2015-02-19
URL: CVE-2014-3578
CVSS 3 Score Details (5.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3578
Release Date: 2015-02-19
Fix Resolution (org.springframework:spring-core): 3.2.9.RELEASE
Direct dependency fix Resolution (org.springframework:spring-beans): 3.2.9.RELEASE
Step up your Open Source Security Game with Mend here