[DepShield] Usage of org.springframework:spring-webmvc:3.2.4.RELEASE results in vulnerability to [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

Question

[DepShield] Usage of org.springframework:spring-webmvc:3.2.4.RELEASE results in vulnerability to [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

sonatype-depshield opened this issue 6 years ago · 1 comments

sonatype-depshield commented 6 years ago

This application's usage of org.springframework:spring-webmvc:3.2.4.RELEASE causes a vulnerability to [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") with a CVSS score of 7.5. Details about the vulnerability are available on the OSS Index page for [CVE-2016-9878] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Answer 1 · 2018-11-08T20:42:26.000Z

Thank you for being an early adopter of DepShield. In an effort provide a
more component-centric view of vulnerabilities we are consolidating your
issue(s), moving them to a new format, and closing this issue. You can
find the new issue here: #71