Spring Security Advisories

This page lists Spring advisories.

CVE-2013-7315 XML External Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-7315

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://jira.springsource.org/browse/SPR-10806 History 2013-Aug-22: Initial vulnerability report…

CVE-2013-4152 XML eXternal Entity (XXE) injection in Spring Framework

HIGH | AUGUST 22, 2013 | CVE-2013-4152

Description Affected Spring Products and Versions Mitigation Credit These issues were identified by Alvaro Munoz of the HP Enterprise Security Team. References https://github.com/SpringSource/spring-framework/pull/317 History 2013-Aug-22: Initial vulnerability…

1
…
21
22
23
24
25
26
27
28
29

Reporting a vulnerability

To report a security vulnerability for a project within the Spring portfolio, see the Security Policy