Moderate severityNVD Advisory· Published Feb 19, 2015· Updated May 6, 2026

CVE-2014-3578

Description

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.springframework:spring-coreMaven	>= 3.0.0, < 3.2.9	3.2.9
org.springframework:spring-coreMaven	>= 4.0.0, < 4.0.5	4.0.5

Affected products

Pivotal Software/Spring Framework
cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*
Range: >=3.2.0,<3.2.9

Patches

8ee465103850

Improve StringUtils.cleanPath

https://github.com/spring-projects/spring-frameworkRossen StoyanchevMay 15, 2014via ghsa

commit

2 files changed · +8 −1

spring-core/src/main/java/org/springframework/util/StringUtils.java+6 −1 modified

@@ -622,7 +622,12 @@ public static String cleanPath(String path) {
 		String prefix = "";
 		if (prefixIndex != -1) {
 			prefix = pathToUse.substring(0, prefixIndex + 1);
-			pathToUse = pathToUse.substring(prefixIndex + 1);
+			if (prefix.contains("/")) {
+				prefix = "";
+			}
+			else {
+				pathToUse = pathToUse.substring(prefixIndex + 1);
+			}
 		}
 		if (pathToUse.startsWith(FOLDER_SEPARATOR)) {
 			prefix = prefix + FOLDER_SEPARATOR;

spring-core/src/test/java/org/springframework/util/StringUtilsTests.java+2 −0 modified

@@ -299,6 +299,8 @@ public void testCleanPath() {
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("../mypath/../mypath/myfile"));
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("mypath/../../mypath/myfile"));
 		assertEquals("/../mypath/myfile", StringUtils.cleanPath("/../mypath/myfile"));
+		assertEquals("/mypath/myfile", StringUtils.cleanPath("/a/:b/../../mypath/myfile"));
+		assertEquals("file:///c:/path/to/the%20file.txt", StringUtils.cleanPath("file:///c:/some/../path/to/the%20file.txt"));
 	}
 
 	public void testPathEquals() {

f6fddeb6eb7d

Improve StringUtils.cleanPath

https://github.com/spring-projects/spring-frameworkRossen StoyanchevMay 15, 2014via ghsa

commit

2 files changed · +8 −1

spring-core/src/main/java/org/springframework/util/StringUtils.java+6 −1 modified

@@ -621,7 +621,12 @@ public static String cleanPath(String path) {
 		String prefix = "";
 		if (prefixIndex != -1) {
 			prefix = pathToUse.substring(0, prefixIndex + 1);
-			pathToUse = pathToUse.substring(prefixIndex + 1);
+			if (prefix.contains("/")) {
+				prefix = "";
+			}
+			else {
+				pathToUse = pathToUse.substring(prefixIndex + 1);
+			}
 		}
 		if (pathToUse.startsWith(FOLDER_SEPARATOR)) {
 			prefix = prefix + FOLDER_SEPARATOR;

spring-core/src/test/java/org/springframework/util/StringUtilsTests.java+2 −0 modified

@@ -299,6 +299,8 @@ public void testCleanPath() {
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("../mypath/../mypath/myfile"));
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("mypath/../../mypath/myfile"));
 		assertEquals("/../mypath/myfile", StringUtils.cleanPath("/../mypath/myfile"));
+		assertEquals("/mypath/myfile", StringUtils.cleanPath("/a/:b/../../mypath/myfile"));
+		assertEquals("file:///c:/path/to/the%20file.txt", StringUtils.cleanPath("file:///c:/some/../path/to/the%20file.txt"));
 	}
 
 	public void testPathEquals() {

748167bfa33c

Improve StringUtils.cleanPath

https://github.com/spring-projects/spring-frameworkRossen StoyanchevMay 15, 2014via ghsa

commit

2 files changed · +8 −1

spring-core/src/main/java/org/springframework/util/StringUtils.java+6 −1 modified

@@ -622,7 +622,12 @@ public static String cleanPath(String path) {
 		String prefix = "";
 		if (prefixIndex != -1) {
 			prefix = pathToUse.substring(0, prefixIndex + 1);
-			pathToUse = pathToUse.substring(prefixIndex + 1);
+			if (prefix.contains("/")) {
+				prefix = "";
+			}
+			else {
+				pathToUse = pathToUse.substring(prefixIndex + 1);
+			}
 		}
 		if (pathToUse.startsWith(FOLDER_SEPARATOR)) {
 			prefix = prefix + FOLDER_SEPARATOR;

spring-core/src/test/java/org/springframework/util/StringUtilsTests.java+2 −0 modified

@@ -299,6 +299,8 @@ public void testCleanPath() {
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("../mypath/../mypath/myfile"));
 		assertEquals("../mypath/myfile", StringUtils.cleanPath("mypath/../../mypath/myfile"));
 		assertEquals("/../mypath/myfile", StringUtils.cleanPath("/../mypath/myfile"));
+		assertEquals("/mypath/myfile", StringUtils.cleanPath("/a/:b/../../mypath/myfile"));
+		assertEquals("file:///c:/path/to/the%20file.txt", StringUtils.cleanPath("file:///c:/some/../path/to/the%20file.txt"));
 	}
 
 	public void testPathEquals() {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

jvn.jp/en/jp/JVN49154900/index.htmlnvdThird Party AdvisoryVDB EntryWEB
jvndb.jvn.jp/jvndb/JVNDB-2014-000054nvdThird Party AdvisoryVDB EntryWEB
pivotal.io/security/cve-2014-3578nvdVendor AdvisoryWEB
rhn.redhat.com/errata/RHSA-2015-0720.htmlnvdThird Party AdvisoryWEB
www.securityfocus.com/bid/68042nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
github.com/advisories/GHSA-rhcg-rwhx-qj3jghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-3578ghsaADVISORY
rhn.redhat.com/errata/RHSA-2015-0234.htmlnvdThird Party AdvisoryWEB
rhn.redhat.com/errata/RHSA-2015-0235.htmlnvdThird Party AdvisoryWEB
github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0ghsaWEB
github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66ghsaWEB
github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8dghsaWEB
github.com/spring-projects/spring-framework/issues/16414ghsaWEB
lists.debian.org/debian-lts-announce/2019/07/msg00012.htmlnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.003
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000