CVE-2016-9878

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9878
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9878.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9878
Aliases
Downstream
Published
2016-12-29T09:59:00.820Z
Modified
2025-11-14T04:56:57.540792Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

References

Affected packages

Git / github.com/spring-projects/spring-framework

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
015e1bec649d84d146b04e0062723c88e350e1b2
Last affected
022f1c335755a00d947540fc307741b419bfe9ac
Last affected
0edb85c78b5844a42525705bec2901b773f844c2
Last affected
137dc19fcdeee5a5edc230b39d2cc47f01624df7
Last affected
1e727d65772327b5d89d89e4825e44484b6dd681
Last affected
201b2d752efc4c79b0d52d90e95dac1093520d5f
Last affected
22a14c02c2fad2f7338bb66a759f325f17089612
Last affected
234cb84e832da30b6f53ccca4ef28043aacfcecc
Last affected
28d43f886c5e387dbb496e850782274ec9176160
Last affected
2f9c99e5cfc97e1b8958520b5155aed06d441202
Last affected
30aecf3cc56c568e89e46cac0d87f280c07a847c
Last affected
330ba990490286f0d871120e44f0b9297adf0825
Last affected
345570109ae2dbdafe05a4270f0c710b7d53d050
Last affected
58587159f08a5349801671b486cd781baa63cb9f
Last affected
5b99ee299031d331da9d4cc393ff1c24e0c8d63b
Last affected
62b8f97f0f50b1e3a930c23aa313ca10aa48498f
Last affected
7482cf902106db2bff9e912cb67bdeea3adf5855
Last affected
75bf620ae7df0967965a02e54e01f47ea5fa6f8c
Last affected
77c0292665bc5e61d0e5108f9cd7e066381f28d3
Last affected
8b293e1be40b949b8de5d6ff7411c11416fe3d5a
Last affected
8d6636aab1c2ae892bff33fe66341eda4017cbb6
Last affected
90718ef0d958759527fa7066a7149d8151664dda
Last affected
a1efe4f35d067b93d6ff4b3850ae9b9d6d6f6e26
Last affected
a88b80195aedb70d3c351abeba8e6a0a93af339e
Last affected
abdcefb460fcbc1348ef04505a78381a2c69a643
Last affected
b49d801f241fb8088a5b7514db93fda32c58731c
Last affected
d111af1b88b53f2589d017a7cb6d068464d9bf77
Last affected
d802e2826a85a50b302f3da6770e6583822e2db8
Last affected
dd42a21f3968c165af924310fce460694803756f
Last affected
e3e2272a755a53863276850eb80dd5032f3cf571
Last affected
f440f927198c8b4959c727aec80e9b7423a4f548
Last affected
fc73f6bb2c2a65fadb4a7720af95bf9850733e60

Affected versions

v3.*

v3.1.0.RELEASE
v3.2.0.M1
v3.2.0.M2
v3.2.0.RC1
v3.2.0.RC2-A
v3.2.0.RELEASE
v3.2.1.RELEASE

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9878.json"