CVE-2017-4971: Data Binding Expression Vulnerability in Spring Web Flow
Description Affected Spring Products and Versions Mitigation Credit The issue was identified by Stefano Ciccone of Gotham Digital Science References
CVE-2016-9879 Encoded "/" in path variables
Description Affected Spring Products and Versions Mitigation Credit The issue was identified by Shumpei Asahara & Yuji Ito from NTT DATA Corporation and responsibly reported to Pivotal. References http://www.securityfocus.com/archive/1/archive/1/514517/100/…
CVE-2016-9878 Directory Traversal in the Spring Framework ResourceServlet
Description Affected Spring Products and Versions Mitigation Credit The issue was identified by Shumpei Asahara & Yuji Ito from NTT DATA Corporation and responsibly reported to Pivotal. References