Maven package
org.springframework/spring-oxm
pkg:maven/org.springframework/spring-oxm
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-7315 | — | < 3.2.4.RELEASE | 3.2.4.RELEASE | Jan 23, 2014 | The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafte | ||
| CVE-2013-4152 | — | < 3.2.4.RELEASE | 3.2.4.RELEASE | Jan 23, 2014 | The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external enti |
- CVE-2013-7315Jan 23, 2014affected < 3.2.4.RELEASEfixed 3.2.4.RELEASE
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafte
- CVE-2013-4152Jan 23, 2014affected < 3.2.4.RELEASEfixed 3.2.4.RELEASE
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external enti