PT-2018-11345 · Spring · Spring Framework

Published: 2018-04-06 · Updated: 2025-06-28 · CVE-2018-1271

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Spring Framework versions 5.0 prior to 5.0.5
Spring Framework versions 4.3 prior to 4.3.15
Spring Framework older unsupported versions

Description

Spring Framework allows applications to configure Spring MVC to serve static resources. When static resources are served from a file system on Windows, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Recommendations

For Spring Framework versions 5.0 prior to 5.0.5, update to version 5.0.5 or later.
For Spring Framework versions 4.3 prior to 4.3.15, update to version 4.3.15 or later.
For Spring Framework older unsupported versions, consider upgrading to a supported version.
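
The version ranges above can be checked against deployed jars. The following is an added example, not part of the advisory or of Spring's own tooling. It assumes that Spring MVC ships as the `spring-webmvc` artifact with Maven-style file names and that "older unsupported versions" means every branch below 4.3. It checks versions only, not whether static resources are served from a Windows file system.

```python
import re

# First fixed release per affected branch, as stated in the advisory.
FIRST_FIXED = {(5, 0): (5, 0, 5), (4, 3): (4, 3, 15)}
# Assumption: "older unsupported versions" means every branch below 4.3.
OLDEST_LISTED_BRANCH = (4, 3)
# Matches Maven-style names such as spring-webmvc-4.3.14.RELEASE.jar
# (assumption: Spring MVC is deployed as the spring-webmvc artifact).
JAR_RE = re.compile(
    r"(?:^|/)spring-webmvc-(\d+)\.(\d+)\.(\d+)((?:[.-][A-Za-z0-9]+)*)\.jar$")
RELEASE_QUALIFIERS = {"", ".RELEASE"}

def classify(major, minor, patch, qualifier=""):
    """Return the advisory status for one Spring Framework version."""
    branch, version = (major, minor), (major, minor, patch)
    if branch < OLDEST_LISTED_BRANCH:
        return "affected-unsupported"   # upgrade to a supported version
    if branch not in FIRST_FIXED:
        return "not-listed"             # advisory gives no range for this branch
    if version < FIRST_FIXED[branch]:
        return "affected"
    # A snapshot or RC build of the fixed version may predate the fix.
    if version == FIRST_FIXED[branch] and qualifier not in RELEASE_QUALIFIERS:
        return "review"
    return "fixed"

def audit(paths):
    """Map each spring-webmvc jar path to (version, status, update target)."""
    findings = {}
    for path in paths:
        m = JAR_RE.search(path.replace("\\", "/"))  # accept Windows separators
        if not m:
            continue
        ver = tuple(int(x) for x in m.group(1, 2, 3))
        target = FIRST_FIXED.get(ver[:2])
        findings[path] = (".".join(map(str, ver)) + m.group(4),
                          classify(*ver, qualifier=m.group(4)),
                          ".".join(map(str, target)) if target else None)
    return findings

# Constructed sample paths, not taken from any real deployment.
SAMPLE = [
    r"C:\apps\shop\WEB-INF\lib\spring-webmvc-4.3.14.RELEASE.jar",
    "/opt/app/lib/spring-webmvc-5.0.5.RELEASE.jar",
    "/opt/app/lib/spring-webmvc-5.0.5.BUILD-SNAPSHOT.jar",
    "/opt/legacy/lib/spring-webmvc-3.2.18.RELEASE.jar",
    "/opt/app/lib/spring-core-5.0.4.RELEASE.jar",
]

if __name__ == "__main__":
    for jar, (version, status, target) in audit(SAMPLE).items():
        print(f"{status:22} {version:22} update to {target}  {jar}")
```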

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-1271
GHSA-G8HW-794C-4J9G

Affected Products

Spring Framework