CVE-2016-9878

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9878

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9878.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-9878

Aliases

GHSA-2m8h-fgr8-2q9w

Downstream

DEBIAN-CVE-2016-9878

DLA-1853-1

UBUNTU-CVE-2016-9878

USN-4774-1

Published

2016-12-29T09:59:00Z

Modified

2025-09-19T08:41:53.774541Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

References

Affected packages

Git / github.com/spring-projects/spring-framework

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-framework
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

015e1bec649d84d146b04e0062723c88e350e1b2

Last affected

022f1c335755a00d947540fc307741b419bfe9ac

Last affected

0edb85c78b5844a42525705bec2901b773f844c2

Last affected

137dc19fcdeee5a5edc230b39d2cc47f01624df7

Last affected

1e727d65772327b5d89d89e4825e44484b6dd681

Last affected

201b2d752efc4c79b0d52d90e95dac1093520d5f

Last affected

22a14c02c2fad2f7338bb66a759f325f17089612

Last affected

234cb84e832da30b6f53ccca4ef28043aacfcecc

Last affected

28d43f886c5e387dbb496e850782274ec9176160

Last affected

2f9c99e5cfc97e1b8958520b5155aed06d441202

Last affected

30aecf3cc56c568e89e46cac0d87f280c07a847c

Last affected

330ba990490286f0d871120e44f0b9297adf0825

Last affected

345570109ae2dbdafe05a4270f0c710b7d53d050

Last affected

58587159f08a5349801671b486cd781baa63cb9f

Last affected

5b99ee299031d331da9d4cc393ff1c24e0c8d63b

Last affected

62b8f97f0f50b1e3a930c23aa313ca10aa48498f

Last affected

7482cf902106db2bff9e912cb67bdeea3adf5855

Last affected

75bf620ae7df0967965a02e54e01f47ea5fa6f8c

Last affected

77c0292665bc5e61d0e5108f9cd7e066381f28d3

Last affected

8b293e1be40b949b8de5d6ff7411c11416fe3d5a

Last affected

8d6636aab1c2ae892bff33fe66341eda4017cbb6

Last affected

90718ef0d958759527fa7066a7149d8151664dda

Last affected

a1efe4f35d067b93d6ff4b3850ae9b9d6d6f6e26

Last affected

a88b80195aedb70d3c351abeba8e6a0a93af339e

Last affected

abdcefb460fcbc1348ef04505a78381a2c69a643

Last affected

b49d801f241fb8088a5b7514db93fda32c58731c

Last affected

d111af1b88b53f2589d017a7cb6d068464d9bf77

Last affected

d802e2826a85a50b302f3da6770e6583822e2db8

Last affected

dd42a21f3968c165af924310fce460694803756f

Last affected

e3e2272a755a53863276850eb80dd5032f3cf571

Last affected

f440f927198c8b4959c727aec80e9b7423a4f548

Last affected

fc73f6bb2c2a65fadb4a7720af95bf9850733e60

Affected versions

v3.*

v3.1.0.RELEASE

v3.2.0.M1

v3.2.0.M2

v3.2.0.RC1

v3.2.0.RC2-A

v3.2.0.RELEASE

v3.2.1.RELEASE