Maven package
com.sparkjava/spark-core
pkg:maven/com.sparkjava/spark-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-9159 | Medium | 5.3 | | < 2.7.2 | 2.7.2 | Mar 31, 2018 | In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. |
| CVE-2016-9177 | High | 7.5 | | < 2.5.2 | 2.5.2 | Nov 4, 2016 | Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |