Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-web@3-alpha0
Typemaven
Namespaceorg.springframework
Namespring-web
Version3-alpha0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.1.12
Latest_non_vulnerable_version6.2.8
Affected_by_vulnerabilities
0
url VCID-eer8-apxc-2ue6
vulnerability_id VCID-eer8-apxc-2ue6
summary The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7315
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47624
published_at 2026-04-21T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47553
published_at 2026-04-01T12:55:00Z
2
value 0.00243
scoring_system epss
scoring_elements 0.47592
published_at 2026-04-02T12:55:00Z
3
value 0.00243
scoring_system epss
scoring_elements 0.47613
published_at 2026-04-04T12:55:00Z
4
value 0.00243
scoring_system epss
scoring_elements 0.47562
published_at 2026-04-07T12:55:00Z
5
value 0.00243
scoring_system epss
scoring_elements 0.47616
published_at 2026-04-08T12:55:00Z
6
value 0.00243
scoring_system epss
scoring_elements 0.47612
published_at 2026-04-12T12:55:00Z
7
value 0.00243
scoring_system epss
scoring_elements 0.47636
published_at 2026-04-11T12:55:00Z
8
value 0.00243
scoring_system epss
scoring_elements 0.47621
published_at 2026-04-13T12:55:00Z
9
value 0.00243
scoring_system epss
scoring_elements 0.47679
published_at 2026-04-16T12:55:00Z
10
value 0.00243
scoring_system epss
scoring_elements 0.47671
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7315
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
4
reference_url http://seclists.org/bugtraq/2013/Aug/154
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2013/Aug/154
5
reference_url http://seclists.org/fulldisclosure/2013/Nov/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Nov/14
6
reference_url https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173
7
reference_url https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7
8
reference_url https://github.com/spring-projects/spring-framework/issues/15432
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/15432
9
reference_url https://jira.spring.io/browse/SPR-10806?redirect=false
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-10806?redirect=false
10
reference_url http://www.debian.org/security/2014/dsa-2842
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2842
11
reference_url http://www.securityfocus.com/bid/77998
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/77998
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
reference_id 720902
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
13
reference_url http://www.gopivotal.com/security/cve-2013-4152
reference_id CVE-2013-4152
reference_type
scores
url http://www.gopivotal.com/security/cve-2013-4152
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7315
reference_id CVE-2013-7315
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7315
15
reference_url https://github.com/advisories/GHSA-vp63-rrcm-9mph
reference_id GHSA-vp63-rrcm-9mph
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp63-rrcm-9mph
fixed_packages
0
url pkg:maven/org.springframework/spring-web@3.2.4.RELEASE
purl pkg:maven/org.springframework/spring-web@3.2.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-5ng1-3a32-cugs
2
vulnerability VCID-ec6g-dnjb-vycb
3
vulnerability VCID-kpma-e8rd-b7c8
4
vulnerability VCID-mvx7-2y3s-fbbb
5
vulnerability VCID-r384-aque-vqcw
6
vulnerability VCID-x5w8-j62d-m7h6
7
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.4.RELEASE
1
url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-5ng1-3a32-cugs
2
vulnerability VCID-ec6g-dnjb-vycb
3
vulnerability VCID-kpma-e8rd-b7c8
4
vulnerability VCID-r384-aque-vqcw
5
vulnerability VCID-x5w8-j62d-m7h6
6
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
aliases CVE-2013-7315, GHSA-vp63-rrcm-9mph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eer8-apxc-2ue6
1
url VCID-mvx7-2y3s-fbbb
vulnerability_id VCID-mvx7-2y3s-fbbb
summary The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0400.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0400.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6429
reference_id
reference_type
scores
0
value 0.38725
scoring_system epss
scoring_elements 0.97267
published_at 2026-04-21T12:55:00Z
1
value 0.38725
scoring_system epss
scoring_elements 0.97241
published_at 2026-04-07T12:55:00Z
2
value 0.38725
scoring_system epss
scoring_elements 0.97248
published_at 2026-04-08T12:55:00Z
3
value 0.38725
scoring_system epss
scoring_elements 0.97249
published_at 2026-04-09T12:55:00Z
4
value 0.38725
scoring_system epss
scoring_elements 0.97252
published_at 2026-04-11T12:55:00Z
5
value 0.38725
scoring_system epss
scoring_elements 0.97253
published_at 2026-04-12T12:55:00Z
6
value 0.38725
scoring_system epss
scoring_elements 0.97254
published_at 2026-04-13T12:55:00Z
7
value 0.38725
scoring_system epss
scoring_elements 0.97262
published_at 2026-04-16T12:55:00Z
8
value 0.38725
scoring_system epss
scoring_elements 0.97264
published_at 2026-04-18T12:55:00Z
9
value 0.38725
scoring_system epss
scoring_elements 0.97229
published_at 2026-04-01T12:55:00Z
10
value 0.38725
scoring_system epss
scoring_elements 0.97235
published_at 2026-04-02T12:55:00Z
11
value 0.38725
scoring_system epss
scoring_elements 0.9724
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6429
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
5
reference_url http://secunia.com/advisories/57915
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57915
6
reference_url https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8
7
reference_url https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e
8
reference_url https://github.com/spring-projects/spring-framework/issues/15704
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/15704
9
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
10
reference_url https://jira.spring.io/browse/SPR-11078?redirect=false
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-11078?redirect=false
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6429
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6429
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1053290
reference_id 1053290
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1053290
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
reference_id 735420
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
14
reference_url https://bugzilla.redhat.com/CVE-2013-6429
reference_id CVE-2013-6429
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6429
15
reference_url http://www.gopivotal.com/security/cve-2013-6429
reference_id CVE-2013-6429
reference_type
scores
url http://www.gopivotal.com/security/cve-2013-6429
16
reference_url https://github.com/advisories/GHSA-g6hf-f9cq-q7w7
reference_id GHSA-g6hf-f9cq-q7w7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6hf-f9cq-q7w7
17
reference_url https://access.redhat.com/errata/RHSA-2014:0400
reference_id RHSA-2014:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0400
18
reference_url https://access.redhat.com/errata/RHSA-2014:0401
reference_id RHSA-2014:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0401
fixed_packages
0
url pkg:maven/org.springframework/spring-web@3.2.5.RELEASE
purl pkg:maven/org.springframework/spring-web@3.2.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-5ng1-3a32-cugs
2
vulnerability VCID-ec6g-dnjb-vycb
3
vulnerability VCID-kpma-e8rd-b7c8
4
vulnerability VCID-r384-aque-vqcw
5
vulnerability VCID-x5w8-j62d-m7h6
6
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3.2.5.RELEASE
1
url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-5ng1-3a32-cugs
2
vulnerability VCID-ec6g-dnjb-vycb
3
vulnerability VCID-kpma-e8rd-b7c8
4
vulnerability VCID-r384-aque-vqcw
5
vulnerability VCID-x5w8-j62d-m7h6
6
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE
aliases CVE-2013-6429, GHSA-g6hf-f9cq-q7w7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvx7-2y3s-fbbb
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@3-alpha0