Bug#769698: libspring-java: CVE-2014-3625 Directory Traversal in Spring Framework
bastien ROUCARIÈS
roucaries.bastien+debian at gmail.com
Sat Nov 15 16:54:19 UTC 2014
Source: libspring-java
Version: 3.0.0
Severity: serious
Tags: security
Justification: must
According to https://github.com/spring-projects/spring-framework/commit/3f68cd versions affected include 3.0.0 to 3.2.11
The feature of '<mvc:resources/> ' seems to be introduced in 3.0.4 ( http://docs.spring.io/spring/d... ).
Bastien
More information about the pkg-java-maintainers
mailing list