{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "12.5.0.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "13.1.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "13.2.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "13.3.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.6.0" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "8.3" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "10.2.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.5.0" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "6.1.0.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.2.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.3.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.2.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.3.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.3.2.1" } ] }, { "events": [ { "introduced": "11.0.0" }, { "last_affected": "11.3.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.2.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "11.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "11.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.12" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "15.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.1.3.0.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "12.2.2.0.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.4" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "4.3.0" }, { "fixed": "4.3.15" }, { "introduced": "5.0.0" }, { "fixed": "5.0.5" }, { "introduced": "0" }, { "fixed": "7.0.0.1" }, { "introduced": "0" }, { "last_affected": "3.0" }, { "introduced": "0" }, { "last_affected": "3.0" }, { "introduced": "0" }, { "last_affected": "4.0" }, { "introduced": "0" }, { "last_affected": "5.3.0" }, { "introduced": "0" }, { "last_affected": "6.0.0" }, { "introduced": "0" }, { "last_affected": "6.0.1" }, { "introduced": "0" }, { "last_affected": "5.1" }, { "introduced": "0" }, { "last_affected": "5.2" } ] }, "events": [ { "introduced": "b49d801f241fb8088a5b7514db93fda32c58731c" }, { "fixed": "89932891ec67df1f716e65f09826f2647baf2f17" }, { "introduced": "f4f990b2c900a9b325fd0770d9064a188d073253" }, { "fixed": "4b9bc50fd057bb20278dc137820159f600cce324" }, { "introduced": "0" }, { "fixed": "3767abea3a9ec4b76257c1f98d65bd9da57afd28" }, { "introduced": "0" }, { "last_affected": "30604ae861d378669a9719918f3068dadcc5aed5" }, { "introduced": "0" }, { "last_affected": "30604ae861d378669a9719918f3068dadcc5aed5" }, { "introduced": "0" }, { "last_affected": "299f8b15ad1f74ca769b396d915e8369623279f2" }, { "introduced": "0" }, { "last_affected": "5acffaa72da10ba42fe547eeea44d8615cbf99b9" }, { "introduced": "0" }, { "last_affected": "5a30a43b753a971ac8bf4005a8ccddeaff439d7e" }, { "introduced": "0" }, { "last_affected": "9d37de186ce38a24bff1132c02a4007335639c1b" }, { "introduced": "0" }, { "last_affected": "f07eed2b28b4b51e4f2167f2ec6cd4d8bd9295ad" }, { "introduced": "0" }, { "last_affected": "927b8c15ef20eaaa4002d4b2170cc536a6d6aa35" } ], "repo": "https://github.com/spring-projects/spring-framework", "type": "GIT" } ] } ], "details": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.", "id": "CVE-2018-1271", "modified": "2026-04-01T23:09:08.226969614Z", "published": "2018-04-06T13:29:00.500Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/103699" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:1320" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "ADVISORY", "url": "https://pivotal.io/security/cve-2018-1271" }, { "type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "FIX", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "type": "FIX", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "type": "FIX", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "type": "FIX", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }