1
Candidate: CVE-2018-1271
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271
5
https://pivotal.io/security/cve-2018-1271
7
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to
8
4.3.15 and older unsupported versions, allow applications to configure
9
Spring MVC to serve static resources (e.g. CSS, JS, images). When static
10
resources are served from a file system on Windows (as opposed to the
11
classpath, or the ServletContext), a malicious user can send a request
12
using a specially crafted URL that can lead a directory traversal attack.
21
Patches_libspring-java:
22
upstream_libspring-java: needs-triage
23
precise/esm_libspring-java: DNE
24
trusty_libspring-java: needs-triage
25
xenial_libspring-java: needs-triage
26
artful_libspring-java: needs-triage
27
bionic_libspring-java: needs-triage
28
devel_libspring-java: needs-triage