EPSS
Percentile
71.7%
It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.
bugzilla.redhat.com/show_bug.cgi?id=1408164
pivotal.io/security/cve-2016-9878