Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Advisories for Maven/Com.sparkjava/Spark-Core package
2018
Path Traversal
In Spark, a remote attacker can read unintended static files via various representations of absolute or relative pathnames.