Spring Security Advisories

RSS feed

This page lists Spring advisories.

CVE-2019-3772: XML External Entity Injection (XXE)

CRITICAL | JANUARY 14, 2019 | CVE-2019-3772
Description Affected Spring Products and Versions Mitigation References https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet History 2019-01-14: Initial vulnerability report published.

CVE-2019-3774: XML External Entity Injection (XXE)

CRITICAL | JANUARY 14, 2019 | CVE-2019-3774
Description Affected Spring Products and Versions Mitigation References https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet History 2019-01-14: Initial vulnerability report published.

CVE-2019-3773: XML External Entity Injection (XXE)

CRITICAL | JANUARY 14, 2019 | CVE-2019-3773
Description Affected Spring Products and Versions Mitigation References https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet History 2019-01-14: Initial vulnerability report published.

CVE-2018-1263: Unsafe Unzip with spring-integration-zip

CRITICAL | MAY 11, 2018 | CVE-2018-1263
Description Affected Spring Products and Versions Mitigation Credit This issue was identified and responsibly reported by the Snyk Security Research Team and Abago Forgans. History 2018-05-11: Initial vulnerability report published

Reporting a vulnerability

To report a security vulnerability for a project within the Spring portfolio, see the Security Policy

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all