com.sparkjava:spark-core@2.5.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.sparkjava:spark-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

com.sparkjava:spark-core is a web framework for Java.

Affected versions of this package are vulnerable to Information Exposure. A remote attacker can read unintended static files via various representations of absolute or relative pathnames.

NOTE: this product is unrelated to Ignite Realtime Spark.

How to fix Information Exposure?

Upgrade com.sparkjava:spark-core to version 2.7.2 or higher.

Vulnerable versions: [,2.7.2)
  • H
Directory Traversal

com.sparkjava:spark-core is a web framework for Java.

Affected versions of this package are vulnerable to Directory Traversal. A remote attacker could use this flaw to read arbitrary files that are accessible to the user running the process.

How to fix Directory Traversal?

Upgrade com.sparkjava:spark-core to version 2.7.2 or higher.

Vulnerable versions: [,2.7.2)