Open mend-bolt-for-github[bot] opened 1 year ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2014-3578 - Medium Severity Vulnerability
Vulnerable Library - spring-core-3.2.8.RELEASE.jar
Spring Core
Library home page: http://springsource.org/spring-framework
Path to dependency file: /jetty-spring/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/3.2.8.RELEASE/spring-core-3.2.8.RELEASE.jar
Dependency Hierarchy: - spring-beans-3.2.8.RELEASE.jar (Root Library) - :x: **spring-core-3.2.8.RELEASE.jar** (Vulnerable Library)
Found in HEAD commit: 431f7b4ab0caf32ae567489909f6a79989599195
Found in base branch: master
Vulnerability Details
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
Publish Date: 2015-02-19
URL: CVE-2014-3578
CVSS 3 Score Details (5.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3578
Release Date: 2015-02-19
Fix Resolution (org.springframework:spring-core): 3.2.9.RELEASE
Direct dependency fix Resolution (org.springframework:spring-beans): 3.2.9.RELEASE
Step up your Open Source Security Game with Mend here