Security Advisories

CVE-2013-6429 Fix for XML External Entity (XXE) Injection (CVE-2013-7315) in Spring Framework was Incomplete

HIGH | JANUARY 14, 2014 | CVE-2013-6429

Description Affected Spring Products and Versions Mitigation Credit This issue was identified by the Spring development team. References https://jira.springsource.org/browse/SPR-11078 History 2014-Jan-15: Initial vulnerability report. 2014-Jun-19: Update to…

CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-4152

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://github.com/SpringSource/spring-framework/pull/317 History 2013-Aug-22: Initial vulnerability…

CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-7315

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://jira.springsource.org/browse/SPR-10806 History 2013-Aug-22: Initial vulnerability report…

Spring Security Advisories

CVE-2013-6429 Fix for XML External Entity (XXE) Injection (CVE-2013-7315) in Spring Framework was Incomplete

CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework

CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework

Reporting a vulnerability

Get ahead

Get support

Upcoming events