Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Spring_framework
(Pivotal_software)| Repositories | https://github.com/spring-projects/spring-framework |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-01-26 | CVE-2013-6429 | The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | Spring_framework, Spring_framework | N/A |