View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-9878 low priority: Ubuntu including 1 source packages (libspring-java), 16 status rows across 16 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, precise, trusty, upstream, xenial, yakkety, zesty): not-affected 9, ignored 4, released 3.
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.