Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-web@3.2.1.RELEASE

Type maven

Namespace org.springframework

Name spring-web

Version 3.2.1.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.12

Latest_non_vulnerable_version 6.2.8

Affected_by_vulnerabilities

url VCID-2nff-p7we-tuax

vulnerability_id VCID-2nff-p7we-tuax

summary Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_url

https://access.redhat.com/errata/RHSA-2016:1218

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1218

reference_url

https://access.redhat.com/errata/RHSA-2016:1219

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1219

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_id

reference_type

scores

value	0.01378
scoring_system	epss
scoring_elements	0.80294
published_at	2026-04-21T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80206
published_at	2026-04-01T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80214
published_at	2026-04-02T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80234
published_at	2026-04-04T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80222
published_at	2026-04-07T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80251
published_at	2026-04-08T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80261
published_at	2026-04-09T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80279
published_at	2026-04-11T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80264
published_at	2026-04-12T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80258
published_at	2026-04-13T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80288
published_at	2026-04-16T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.8029
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242

reference_url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_url

https://github.com/spring-projects/spring-framework/issues/17727

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/17727

reference_url

https://github.com/spring-projects/spring-framework/issues/20352

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/20352

reference_url

https://jira.spring.io/browse/SPR-13136

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136

reference_url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://spring.io/security/cve-2015-3192

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://spring.io/security/cve-2015-3192

reference_url

http://www.securityfocus.com/bid/90853

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/90853

reference_url

http://www.securitytracker.com/id/1036587

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1036587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002
reference_id	1239002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
reference_id	796137
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*
reference_id	cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*
reference_id	cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	http://pivotal.io/security/cve-2015-3192
reference_id	CVE-2015-3192
reference_type
scores
url	http://pivotal.io/security/cve-2015-3192

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_id

CVE-2015-3192

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_id

GHSA-6v7w-535j-rq5m

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_url	https://access.redhat.com/errata/RHSA-2016:1592
reference_id	RHSA-2016:1592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1592

reference_url	https://access.redhat.com/errata/RHSA-2016:1593
reference_id	RHSA-2016:1593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1593

reference_url	https://access.redhat.com/errata/RHSA-2016:2035
reference_id	RHSA-2016:2035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2035

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-web@3.2.14
purl	pkg:maven/org.springframework/spring-web@3.2.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.14

url pkg:maven/org.springframework/spring-web@3.2.14.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.14.RELEASE

url	pkg:maven/org.springframework/spring-web@4.1.7
purl	pkg:maven/org.springframework/spring-web@4.1.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.1.7

url pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

purl pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

url	pkg:maven/org.springframework/spring-web@5.0.0.RC3
purl	pkg:maven/org.springframework/spring-web@5.0.0.RC3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.0.RC3

aliases CVE-2015-3192, GHSA-6v7w-535j-rq5m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nff-p7we-tuax

url VCID-5ng1-3a32-cugs

vulnerability_id VCID-5ng1-3a32-cugs

summary

Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22259 https://spring.io/security/cve-2024-22259  and  CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22262.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22262.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22262

reference_id

reference_type

scores

value	0.12634
scoring_system	epss
scoring_elements	0.93992
published_at	2026-04-21T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93952
published_at	2026-04-04T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.9397
published_at	2026-04-13T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93967
published_at	2026-04-09T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93964
published_at	2026-04-08T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93955
published_at	2026-04-07T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93943
published_at	2026-04-02T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93991
published_at	2026-04-18T12:55:00Z

value	0.12634
scoring_system	epss
scoring_elements	0.93985
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22262

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22262
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22262

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-22262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-22262

reference_url

https://security.netapp.com/advisory/ntap-20240524-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240524-0003

reference_url

https://spring.io/security/cve-2024-22262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T03:55:13Z/

url

https://spring.io/security/cve-2024-22262

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2275257
reference_id	2275257
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2275257

reference_url

https://github.com/advisories/GHSA-2wrp-6fg6-hmc5

reference_id

GHSA-2wrp-6fg6-hmc5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2wrp-6fg6-hmc5

reference_url

https://security.netapp.com/advisory/ntap-20240524-0003/

reference_id

ntap-20240524-0003

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-27T03:55:13Z/

url

https://security.netapp.com/advisory/ntap-20240524-0003/

reference_url	https://access.redhat.com/errata/RHSA-2024:3708
reference_id	RHSA-2024:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3708

fixed_packages

url pkg:maven/org.springframework/spring-web@5.3.34

purl pkg:maven/org.springframework/spring-web@5.3.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.3.34

url pkg:maven/org.springframework/spring-web@6.0.19

purl pkg:maven/org.springframework/spring-web@6.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.19

url pkg:maven/org.springframework/spring-web@6.1.6

purl pkg:maven/org.springframework/spring-web@6.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.1.6

aliases CVE-2024-22262, GHSA-2wrp-6fg6-hmc5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ng1-3a32-cugs

url VCID-asmf-3c71-gqcb

vulnerability_id VCID-asmf-3c71-gqcb

summary The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6430.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6430.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6430

reference_id

reference_type

scores

value	0.00315
scoring_system	epss
scoring_elements	0.54513
published_at	2026-04-01T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54616
published_at	2026-04-21T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54637
published_at	2026-04-18T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54635
published_at	2026-04-16T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54597
published_at	2026-04-13T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54619
published_at	2026-04-12T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54636
published_at	2026-04-11T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54623
published_at	2026-04-09T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54628
published_at	2026-04-08T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54577
published_at	2026-04-07T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54607
published_at	2026-04-04T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54583
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6430

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248

reference_url

https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/9982b4c01a8c7be0961e58b58ed83731c40449ff

reference_url

https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/f5c9fe69a444607af667911bd4c5074b5b073e7b

reference_url

https://github.com/spring-projects/spring-framework/issues/14617

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/14617

reference_url

https://jira.spring.io/browse/SPR-9983?redirect=false

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-9983?redirect=false

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1039783
reference_id	1039783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1039783

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
reference_id	735420
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420

reference_url	https://bugzilla.redhat.com/CVE-2013-6430
reference_id	CVE-2013-6430
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6430

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6430

reference_id

CVE-2013-6430

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6430

reference_url

https://spring.io/security/cve-2013-6430

reference_id

CVE-2013-6430

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://spring.io/security/cve-2013-6430

reference_url	http://www.gopivotal.com/security/cve-2013-6430
reference_id	CVE-2013-6430
reference_type
scores
url	http://www.gopivotal.com/security/cve-2013-6430

reference_url

https://github.com/advisories/GHSA-xjrf-8x4f-43h4

reference_id

GHSA-xjrf-8x4f-43h4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xjrf-8x4f-43h4

reference_url	https://access.redhat.com/errata/RHSA-2014:0400
reference_id	RHSA-2014:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0400

reference_url	https://access.redhat.com/errata/RHSA-2014:0401
reference_id	RHSA-2014:0401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0401

fixed_packages

url pkg:maven/org.springframework/spring-web@3.2.2.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-eer8-apxc-2ue6

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mvx7-2y3s-fbbb

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.2.RELEASE

aliases CVE-2013-6430, GHSA-xjrf-8x4f-43h4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asmf-3c71-gqcb

url VCID-ec6g-dnjb-vycb

vulnerability_id VCID-ec6g-dnjb-vycb

summary Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5211

reference_id

reference_type

scores

value	0.01918
scoring_system	epss
scoring_elements	0.83266
published_at	2026-04-01T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83373
published_at	2026-04-21T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83371
published_at	2026-04-18T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.8337
published_at	2026-04-16T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83335
published_at	2026-04-13T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83339
published_at	2026-04-12T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83345
published_at	2026-04-11T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.8333
published_at	2026-04-09T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83321
published_at	2026-04-08T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83297
published_at	2026-04-07T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83283
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3

reference_url

https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543

reference_url

https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector

reference_url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
reference_id
reference_type
scores
url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/

reference_url	http://pivotal.io/security/cve-2015-5211
reference_id	CVE-2015-5211
reference_type
scores
url	http://pivotal.io/security/cve-2015-5211

reference_url	https://access.redhat.com/security/cve/cve-2015-5211
reference_id	CVE-2015-5211
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2015-5211

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5211

reference_id

CVE-2015-5211

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5211

reference_url

https://pivotal.io/security/cve-2015-5211

reference_id

CVE-2015-5211

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2015-5211

reference_url

https://github.com/advisories/GHSA-pgf9-h69p-pcgf

reference_id

GHSA-pgf9-h69p-pcgf

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-pgf9-h69p-pcgf

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url pkg:maven/org.springframework/spring-web@3.2.15.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.15.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.15.RELEASE

url pkg:maven/org.springframework/spring-web@4.1.8.RELEASE

purl pkg:maven/org.springframework/spring-web@4.1.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.1.8.RELEASE

url pkg:maven/org.springframework/spring-web@4.2.2.RELEASE

purl pkg:maven/org.springframework/spring-web@4.2.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.2.2.RELEASE

aliases CVE-2015-5211, GHSA-pgf9-h69p-pcgf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6g-dnjb-vycb

url VCID-eer8-apxc-2ue6

vulnerability_id VCID-eer8-apxc-2ue6

summary The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7315

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47624
published_at	2026-04-21T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47553
published_at	2026-04-01T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47592
published_at	2026-04-02T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47613
published_at	2026-04-04T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47562
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47616
published_at	2026-04-08T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47612
published_at	2026-04-12T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47636
published_at	2026-04-11T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47621
published_at	2026-04-13T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47679
published_at	2026-04-16T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47671
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7315

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315

reference_url

http://seclists.org/bugtraq/2013/Aug/154

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/bugtraq/2013/Aug/154

reference_url

http://seclists.org/fulldisclosure/2013/Nov/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2013/Nov/14

reference_url

https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173

reference_url

https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7

reference_url

https://github.com/spring-projects/spring-framework/issues/15432

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/15432

reference_url

https://jira.spring.io/browse/SPR-10806?redirect=false

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-10806?redirect=false

reference_url

http://www.debian.org/security/2014/dsa-2842

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2842

reference_url

http://www.securityfocus.com/bid/77998

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/77998

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
reference_id	720902
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902

reference_url	http://www.gopivotal.com/security/cve-2013-4152
reference_id	CVE-2013-4152
reference_type
scores
url	http://www.gopivotal.com/security/cve-2013-4152

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-7315

reference_id

CVE-2013-7315

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-7315

reference_url

https://github.com/advisories/GHSA-vp63-rrcm-9mph

reference_id

GHSA-vp63-rrcm-9mph

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vp63-rrcm-9mph

fixed_packages

url pkg:maven/org.springframework/spring-web@3.2.4.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-mvx7-2y3s-fbbb

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.4.RELEASE

url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

aliases CVE-2013-7315, GHSA-vp63-rrcm-9mph

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eer8-apxc-2ue6

url VCID-kpma-e8rd-b7c8

vulnerability_id VCID-kpma-e8rd-b7c8

summary

Pivotal Spring Framework contains unsafe Java deserialization methods
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.

Maintainers recommend investigating alternative components or a potential mitigating control. Version 4.2.6 and 3.2.17 contain [enhanced documentation](https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa) advising users to take precautions against unsafe Java deserialization, version 5.3.0 [deprecate the impacted classes](https://github.com/spring-projects/spring-framework/issues/25379) and version 6.0.0 [removed it entirely](https://github.com/spring-projects/spring-framework/issues/27422).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000027.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000027.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000027

reference_id

reference_type

scores

value	0.60417
scoring_system	epss
scoring_elements	0.98289
published_at	2026-04-21T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98288
published_at	2026-04-16T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98266
published_at	2026-04-01T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98269
published_at	2026-04-02T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98282
published_at	2026-04-13T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98281
published_at	2026-04-11T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98278
published_at	2026-04-09T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98272
published_at	2026-04-07T12:55:00Z

value	0.60417
scoring_system	epss
scoring_elements	0.98277
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000027

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/2b051b8b321768a4cfef83077db65c6328ffd60f

reference_url

https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/5cbe90b2cd91b866a5a9586e460f311860e11cfa

reference_url

https://github.com/spring-projects/spring-framework/issues/21680

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/21680

reference_url

https://github.com/spring-projects/spring-framework/issues/24434

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/24434

reference_url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-1231625331

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-1231625331

reference_url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626

reference_url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417

reference_url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525

reference_url

https://jira.spring.io/browse/SPR-17143?redirect=false

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-17143?redirect=false

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000027

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000027

reference_url

https://security.netapp.com/advisory/ntap-20230420-0009

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230420-0009

reference_url	https://security.netapp.com/advisory/ntap-20230420-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230420-0009/

reference_url

https://security-tracker.debian.org/tracker/CVE-2016-1000027

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2016-1000027

reference_url

https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now

reference_url

https://support.contrastsecurity.com/hc/en-us/articles/4402400830612-Spring-web-Java-Deserialization-CVE-2016-1000027

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.contrastsecurity.com/hc/en-us/articles/4402400830612-Spring-web-Java-Deserialization-CVE-2016-1000027

reference_url

https://www.tenable.com/security/research/tra-2016-20

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.tenable.com/security/research/tra-2016-20

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1357929
reference_id	1357929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1357929

reference_url

https://github.com/advisories/GHSA-4wrc-f8pq-fpqp

reference_id

GHSA-4wrc-f8pq-fpqp

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4wrc-f8pq-fpqp

fixed_packages

url pkg:maven/org.springframework/spring-web@6.0.0

purl pkg:maven/org.springframework/spring-web@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2syk-pe22-f7cd

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-dnat-v8gu-aqdn

vulnerability	VCID-pzz7-mfs4-rfda

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.0

aliases CVE-2016-1000027, GHSA-4wrc-f8pq-fpqp

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kpma-e8rd-b7c8

url VCID-mvx7-2y3s-fbbb

vulnerability_id VCID-mvx7-2y3s-fbbb

summary The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0400.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0400.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6429

reference_id

reference_type

scores

value	0.38725
scoring_system	epss
scoring_elements	0.97267
published_at	2026-04-21T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97241
published_at	2026-04-07T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97248
published_at	2026-04-08T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97249
published_at	2026-04-09T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97252
published_at	2026-04-11T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97253
published_at	2026-04-12T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97254
published_at	2026-04-13T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97262
published_at	2026-04-16T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97264
published_at	2026-04-18T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97229
published_at	2026-04-01T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97235
published_at	2026-04-02T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.9724
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430

reference_url

http://secunia.com/advisories/57915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/57915

reference_url

https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8

reference_url

https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e

reference_url

https://github.com/spring-projects/spring-framework/issues/15704

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/15704

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

reference_url

https://jira.spring.io/browse/SPR-11078?redirect=false

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-11078?redirect=false

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6429

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6429

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1053290
reference_id	1053290
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1053290

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
reference_id	735420
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420

reference_url	https://bugzilla.redhat.com/CVE-2013-6429
reference_id	CVE-2013-6429
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6429

reference_url	http://www.gopivotal.com/security/cve-2013-6429
reference_id	CVE-2013-6429
reference_type
scores
url	http://www.gopivotal.com/security/cve-2013-6429

reference_url

https://github.com/advisories/GHSA-g6hf-f9cq-q7w7

reference_id

GHSA-g6hf-f9cq-q7w7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g6hf-f9cq-q7w7

reference_url	https://access.redhat.com/errata/RHSA-2014:0400
reference_id	RHSA-2014:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0400

reference_url	https://access.redhat.com/errata/RHSA-2014:0401
reference_id	RHSA-2014:0401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0401

fixed_packages

url pkg:maven/org.springframework/spring-web@3.2.5.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.5.RELEASE

url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

aliases CVE-2013-6429, GHSA-g6hf-f9cq-q7w7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvx7-2y3s-fbbb

url VCID-r384-aque-vqcw

vulnerability_id VCID-r384-aque-vqcw

summary When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0225.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0225.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0225

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46438
published_at	2026-04-01T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46508
published_at	2026-04-21T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46561
published_at	2026-04-18T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46563
published_at	2026-04-16T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46506
published_at	2026-04-13T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46497
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46526
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46502
published_at	2026-04-09T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46447
published_at	2026-04-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46498
published_at	2026-04-04T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46478
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0225

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225

reference_url

https://github.com/spring-projects/spring-framework/commit/44ee51a6c9c3734b3fcf9a20817117e86047d753

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/44ee51a6c9c3734b3fcf9a20817117e86047d753

reference_url

https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1

reference_url

https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb

reference_url

https://jira.spring.io/browse/SPR-11768

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-11768

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1110110
reference_id	1110110
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1110110

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753470
reference_id	753470
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753470

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0225

reference_id

CVE-2014-0225

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0225

reference_url

https://pivotal.io/security/cve-2014-0225

reference_id

CVE-2014-0225

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2014-0225

reference_url	http://www.gopivotal.com/security/cve-2014-0225
reference_id	CVE-2014-0225
reference_type
scores
url	http://www.gopivotal.com/security/cve-2014-0225

reference_url

https://github.com/advisories/GHSA-f93f-g33r-8pcp

reference_id

GHSA-f93f-g33r-8pcp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f93f-g33r-8pcp

reference_url	https://access.redhat.com/errata/RHSA-2014:1351
reference_id	RHSA-2014:1351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1351

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url pkg:maven/org.springframework/spring-web@3.2.9.RELEASE

purl pkg:maven/org.springframework/spring-web@3.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.9.RELEASE

url pkg:maven/org.springframework/spring-web@4.0.5.RELEASE

purl pkg:maven/org.springframework/spring-web@4.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.5.RELEASE

aliases CVE-2014-0225, GHSA-f93f-g33r-8pcp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r384-aque-vqcw

url VCID-x5w8-j62d-m7h6

vulnerability_id VCID-x5w8-j62d-m7h6

summary

Spring Framework DoS via conditional HTTP request
### Description
Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.

### Affected Spring Products and Versions
org.springframework:spring-web in versions 

6.1.0 through 6.1.11
6.0.0 through 6.0.22
5.3.0 through 5.3.37

Older, unsupported versions are also affected

### Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
6.1.x -> 6.1.12
6.0.x -> 6.0.23
5.3.x -> 5.3.38
No other mitigation steps are necessary.

Users of older, unsupported versions could enforce a size limit on `If-Match` and `If-None-Match` headers, e.g. through a Filter.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38809.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38809

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.3416
published_at	2026-04-21T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34196
published_at	2026-04-18T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34208
published_at	2026-04-16T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34176
published_at	2026-04-13T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34199
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.3421
published_at	2026-04-08T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34168
published_at	2026-04-07T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34304
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34272
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.3424
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3

reference_url

https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533

reference_url

https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85

reference_url

https://github.com/spring-projects/spring-framework/issues/33372

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/33372

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-38809

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-38809

reference_url

https://spring.io/security/cve-2024-38809

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:49:57Z/

url

https://spring.io/security/cve-2024-38809

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314495
reference_id	2314495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314495

reference_url

https://github.com/advisories/GHSA-2rmj-mq67-h97g

reference_id

GHSA-2rmj-mq67-h97g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rmj-mq67-h97g

reference_url	https://access.redhat.com/errata/RHSA-2024:8064
reference_id	RHSA-2024:8064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8064

fixed_packages

url pkg:maven/org.springframework/spring-web@5.3.38

purl pkg:maven/org.springframework/spring-web@5.3.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kpma-e8rd-b7c8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.3.38

url pkg:maven/org.springframework/spring-web@6.0.23

purl pkg:maven/org.springframework/spring-web@6.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q4ad-g67b-efaj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.0.23

url	pkg:maven/org.springframework/spring-web@6.1.12
purl	pkg:maven/org.springframework/spring-web@6.1.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@6.1.12

aliases CVE-2024-38809, GHSA-2rmj-mq67-h97g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5w8-j62d-m7h6

url VCID-y3uz-etva-sufh

vulnerability_id VCID-y3uz-etva-sufh

summary

Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_id

reference_type

scores

value	0.63828
scoring_system	epss
scoring_elements	0.98431
published_at	2026-04-21T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98432
published_at	2026-04-16T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98427
published_at	2026-04-13T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98424
published_at	2026-04-09T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98423
published_at	2026-04-08T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.9842
published_at	2026-04-07T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98417
published_at	2026-04-04T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98414
published_at	2026-04-02T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98412
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421

reference_url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_url	https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210513-0009/

reference_url

https://tanzu.vmware.com/security/cve-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2020-5421

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id	1881158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id	973381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381

reference_url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_id

GHSA-rv39-3qh7-9v7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

fixed_packages

url pkg:maven/org.springframework/spring-web@4.2.9.RELEASE

purl pkg:maven/org.springframework/spring-web@4.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-pht6-8af8-b3f2

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.2.9.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.28.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.28.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.28.RELEASE

url pkg:maven/org.springframework/spring-web@4.3.29.RELEASE

purl pkg:maven/org.springframework/spring-web@4.3.29.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.29.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.18.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.18.RELEASE

url pkg:maven/org.springframework/spring-web@5.0.19.RELEASE

purl pkg:maven/org.springframework/spring-web@5.0.19.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.19.RELEASE

url pkg:maven/org.springframework/spring-web@5.1.17.RELEASE

purl pkg:maven/org.springframework/spring-web@5.1.17.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.1.17.RELEASE

url pkg:maven/org.springframework/spring-web@5.1.18.RELEASE

purl pkg:maven/org.springframework/spring-web@5.1.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.1.18.RELEASE

url pkg:maven/org.springframework/spring-web@5.2.8.RELEASE

purl pkg:maven/org.springframework/spring-web@5.2.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.2.8.RELEASE

url pkg:maven/org.springframework/spring-web@5.2.9.RELEASE

purl pkg:maven/org.springframework/spring-web@5.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.2.9.RELEASE

aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uz-etva-sufh

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.1.RELEASE

Package Instance