Security Advisories

CVE-2013-6430 Possible XSS when using Spring MVC

LOW | JANUARY 14, 2014 | CVE-2013-6430

Description Affected Spring Products and Versions Mitigation Credit This issue was originally reported to the Spring Framework developers by Jon Passki and the security implications brough to the attention of the Pivotal security team by Arun Neelicattu…

CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-4152

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://github.com/SpringSource/spring-framework/pull/317 History 2013-Aug-22: Initial vulnerability…

CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-7315

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://jira.springsource.org/browse/SPR-10806 History 2013-Aug-22: Initial vulnerability report…

Spring Security Advisories

CVE-2013-6430 Possible XSS when using Spring MVC

CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework

CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework

Reporting a vulnerability

Get ahead

Get support

Upcoming events