VYPR

Maven package

org.springframework/spring-oxm

pkg:maven/org.springframework/spring-oxm

Vulnerabilities (2)

  • CVE-2013-7315 (Jan 23, 2014)
    affected < 3.2.4.RELEASE, fixed 3.2.4.RELEASE

    The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafte

  • CVE-2013-4152 (Jan 23, 2014)
    affected < 3.2.4.RELEASE, fixed 3.2.4.RELEASE

    The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external enti