Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-web@4-alpha0

Type maven

Namespace org.springframework

Name spring-web

Version 4-alpha0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.12

Latest_non_vulnerable_version 6.2.8

Affected_by_vulnerabilities

url VCID-2nff-p7we-tuax

vulnerability_id VCID-2nff-p7we-tuax

summary Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1592.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1593.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_url

https://access.redhat.com/errata/RHSA-2016:1218

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1218

reference_url

https://access.redhat.com/errata/RHSA-2016:1219

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1219

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_id

reference_type

scores

value	0.01378
scoring_system	epss
scoring_elements	0.8032
published_at	2026-04-24T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80206
published_at	2026-04-01T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80214
published_at	2026-04-02T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80234
published_at	2026-04-04T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80222
published_at	2026-04-07T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80251
published_at	2026-04-08T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80261
published_at	2026-04-09T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80279
published_at	2026-04-11T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80264
published_at	2026-04-12T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80258
published_at	2026-04-13T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80288
published_at	2026-04-16T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.8029
published_at	2026-04-18T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80294
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3192

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907

reference_url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09

reference_url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242

reference_url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424

reference_url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e

reference_url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b

reference_url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434

reference_url

https://github.com/spring-projects/spring-framework/issues/17727

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/17727

reference_url

https://github.com/spring-projects/spring-framework/issues/20352

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/20352

reference_url

https://jira.spring.io/browse/SPR-13136

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136

reference_url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-13136?redirect=false

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://spring.io/security/cve-2015-3192

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://spring.io/security/cve-2015-3192

reference_url

http://www.securityfocus.com/bid/90853

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/90853

reference_url

http://www.securitytracker.com/id/1036587

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1036587

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002
reference_id	1239002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1239002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
reference_id	796137
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*
reference_id	cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*
reference_id	cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*
reference_id	cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	http://pivotal.io/security/cve-2015-3192
reference_id	CVE-2015-3192
reference_type
scores
url	http://pivotal.io/security/cve-2015-3192

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_id

CVE-2015-3192

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3192

reference_url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_id

GHSA-6v7w-535j-rq5m

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6v7w-535j-rq5m

reference_url	https://access.redhat.com/errata/RHSA-2016:1592
reference_id	RHSA-2016:1592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1592

reference_url	https://access.redhat.com/errata/RHSA-2016:1593
reference_id	RHSA-2016:1593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1593

reference_url	https://access.redhat.com/errata/RHSA-2016:2035
reference_id	RHSA-2016:2035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2035

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-web@4.1.7
purl	pkg:maven/org.springframework/spring-web@4.1.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.1.7

url pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

purl pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.1.7.RELEASE

url	pkg:maven/org.springframework/spring-web@5.0.0.RC3
purl	pkg:maven/org.springframework/spring-web@5.0.0.RC3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.0.RC3

aliases CVE-2015-3192, GHSA-6v7w-535j-rq5m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nff-p7we-tuax

url VCID-eer8-apxc-2ue6

vulnerability_id VCID-eer8-apxc-2ue6

summary The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7315

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47603
published_at	2026-04-24T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47592
published_at	2026-04-02T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47613
published_at	2026-04-04T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47562
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47616
published_at	2026-04-08T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47612
published_at	2026-04-12T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47636
published_at	2026-04-11T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47621
published_at	2026-04-13T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47679
published_at	2026-04-16T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47671
published_at	2026-04-18T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47624
published_at	2026-04-21T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47553
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7315

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7315

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315

reference_url

http://seclists.org/bugtraq/2013/Aug/154

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/bugtraq/2013/Aug/154

reference_url

http://seclists.org/fulldisclosure/2013/Nov/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2013/Nov/14

reference_url

https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173

reference_url

https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7

reference_url

https://github.com/spring-projects/spring-framework/issues/15432

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/15432

reference_url

https://jira.spring.io/browse/SPR-10806?redirect=false

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-10806?redirect=false

reference_url

http://www.debian.org/security/2014/dsa-2842

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2842

reference_url

http://www.securityfocus.com/bid/77998

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/77998

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
reference_id	720902
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902

reference_url	http://www.gopivotal.com/security/cve-2013-4152
reference_id	CVE-2013-4152
reference_type
scores
url	http://www.gopivotal.com/security/cve-2013-4152

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-7315

reference_id

CVE-2013-7315

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-7315

reference_url

https://github.com/advisories/GHSA-vp63-rrcm-9mph

reference_id

GHSA-vp63-rrcm-9mph

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vp63-rrcm-9mph

fixed_packages

url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

aliases CVE-2013-7315, GHSA-vp63-rrcm-9mph

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eer8-apxc-2ue6

url VCID-mvx7-2y3s-fbbb

vulnerability_id VCID-mvx7-2y3s-fbbb

summary The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0400.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0400.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6429.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6429

reference_id

reference_type

scores

value	0.38725
scoring_system	epss
scoring_elements	0.97267
published_at	2026-04-24T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97241
published_at	2026-04-07T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97248
published_at	2026-04-08T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97249
published_at	2026-04-09T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97252
published_at	2026-04-11T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97253
published_at	2026-04-12T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97254
published_at	2026-04-13T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97262
published_at	2026-04-16T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97264
published_at	2026-04-18T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97229
published_at	2026-04-01T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.97235
published_at	2026-04-02T12:55:00Z

value	0.38725
scoring_system	epss
scoring_elements	0.9724
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6429

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6430

reference_url

http://secunia.com/advisories/57915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/57915

reference_url

https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/2ae6a6a3415eebc57babcb9d3e5505887eda6d8

reference_url

https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/7387cb990e35b0f1b573faf29d4f9ae183d7a5e

reference_url

https://github.com/spring-projects/spring-framework/issues/15704

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/issues/15704

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

reference_url

https://jira.spring.io/browse/SPR-11078?redirect=false

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/SPR-11078?redirect=false

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6429

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6429

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1053290
reference_id	1053290
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1053290

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420
reference_id	735420
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735420

reference_url	https://bugzilla.redhat.com/CVE-2013-6429
reference_id	CVE-2013-6429
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6429

reference_url	http://www.gopivotal.com/security/cve-2013-6429
reference_id	CVE-2013-6429
reference_type
scores
url	http://www.gopivotal.com/security/cve-2013-6429

reference_url

https://github.com/advisories/GHSA-g6hf-f9cq-q7w7

reference_id

GHSA-g6hf-f9cq-q7w7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g6hf-f9cq-q7w7

reference_url	https://access.redhat.com/errata/RHSA-2014:0400
reference_id	RHSA-2014:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0400

reference_url	https://access.redhat.com/errata/RHSA-2014:0401
reference_id	RHSA-2014:0401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0401

fixed_packages

url pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

purl pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-5ng1-3a32-cugs

vulnerability	VCID-ec6g-dnjb-vycb

vulnerability	VCID-kpma-e8rd-b7c8

vulnerability	VCID-r384-aque-vqcw

vulnerability	VCID-x5w8-j62d-m7h6

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.0.0.RELEASE

aliases CVE-2013-6429, GHSA-g6hf-f9cq-q7w7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvx7-2y3s-fbbb

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4-alpha0

Package Instance