Medium severity5.9NVD Advisory· Published Apr 6, 2018· Updated Jun 17, 2026
CVE-2018-1271
CVE-2018-1271
Description
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework:spring-coreMaven | >= 5.0.0, < 5.0.5 | 5.0.5 |
org.springframework:spring-coreMaven | < 4.3.15 | 4.3.15 |
Affected products
2- Spring by Pivotal/Spring Frameworkv5Range: Versions prior to 5.0.5 and 4.3.15
Patches
Vulnerability mechanics
References
21- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/103699nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHSA-2018:1320nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2669nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2939nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-g8hw-794c-4j9gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1271ghsaADVISORY
- pivotal.io/security/cve-2018-1271nvdVendor AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2020.htmlnvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdThird Party AdvisoryWEB
- github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f8ghsaWEB
- github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603abghsaWEB
- github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611fghsaWEB
- github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea90375548ghsaWEB
- github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c3ghsaWEB
- github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22aaghsaWEB
- github.com/spring-projects/spring-framework/commit/f046a066eceefa0799d1bc89bd6e1318f39bdf69ghsaWEB
- github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aaaghsaWEB
News mentions
0No linked articles in our index yet.