{"url":"http://public2.vulnerablecode.io/api/packages/52178?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4.0.4.RELEASE","type":"maven","namespace":"org.springframework","name":"spring-webmvc","version":"4.0.4.RELEASE","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.0.5","latest_non_vulnerable_version":"6.0.14","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37811?format=json","vulnerability_id":"VCID-kvhz-7nfu-2kdx","summary":"Directory traversal flaw\nDirectory traversal vulnerability in this package allows remote attackers to read arbitrary files via a crafted URL.","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html"},{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054","reference_id":"","reference_type":"","scores":[],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054"},{"reference_url":"http://jvn.jp/en/jp/JVN49154900/index.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvn.jp/en/jp/JVN49154900/index.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131882","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131882"},{"reference_url":"https://jira.spring.io/browse/SPR-12354","reference_id":"","reference_type":"","scores":[],"url":"https://jira.spring.io/browse/SPR-12354"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-0234.html","reference_id":"","reference_type":"","scores":[],"url":"https://rhn.redhat.com/errata/RHSA-2015-0234.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-0235.html","reference_id":"","reference_type":"","scores":[],"url":"https://rhn.redhat.com/errata/RHSA-2015-0235.html"},{"reference_url":"http://pivotal.io/security/cve-2014-3578","reference_id":"CVE-2014-3578","reference_type":"","scores":[],"url":"http://pivotal.io/security/cve-2014-3578"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3578","reference_id":"CVE-2014-3578","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3578"},{"reference_url":"http://www.pivotal.io/security/cve-2014-3578","reference_id":"CVE-2014-3578","reference_type":"","scores":[],"url":"http://www.pivotal.io/security/cve-2014-3578"},{"reference_url":"https://github.com/advisories/GHSA-rhcg-rwhx-qj3j","reference_id":"GHSA-rhcg-rwhx-qj3j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rhcg-rwhx-qj3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52180?format=json","purl":"pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.5.RELEASE"}],"aliases":["CVE-2014-3578","GHSA-rhcg-rwhx-qj3j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhz-7nfu-2kdx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.0.4.RELEASE"}