Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-core@4.0.0
Typemaven
Namespaceorg.springframework
Namespring-core
Version4.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.24.RELEASE
Latest_non_vulnerable_version6.2.11
Affected_by_vulnerabilities
0
url VCID-2nff-p7we-tuax
vulnerability_id VCID-2nff-p7we-tuax
summary Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1592.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1592.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1593.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1593.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2035.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2035.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2036.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2036.html
6
reference_url https://access.redhat.com/errata/RHSA-2016:1218
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:1218
7
reference_url https://access.redhat.com/errata/RHSA-2016:1219
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:1219
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3192.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3192
reference_id
reference_type
scores
0
value 0.01378
scoring_system epss
scoring_elements 0.80294
published_at 2026-04-21T12:55:00Z
1
value 0.01378
scoring_system epss
scoring_elements 0.80206
published_at 2026-04-01T12:55:00Z
2
value 0.01378
scoring_system epss
scoring_elements 0.80214
published_at 2026-04-02T12:55:00Z
3
value 0.01378
scoring_system epss
scoring_elements 0.80234
published_at 2026-04-04T12:55:00Z
4
value 0.01378
scoring_system epss
scoring_elements 0.80222
published_at 2026-04-07T12:55:00Z
5
value 0.01378
scoring_system epss
scoring_elements 0.80251
published_at 2026-04-08T12:55:00Z
6
value 0.01378
scoring_system epss
scoring_elements 0.80261
published_at 2026-04-09T12:55:00Z
7
value 0.01378
scoring_system epss
scoring_elements 0.80279
published_at 2026-04-11T12:55:00Z
8
value 0.01378
scoring_system epss
scoring_elements 0.80264
published_at 2026-04-12T12:55:00Z
9
value 0.01378
scoring_system epss
scoring_elements 0.80258
published_at 2026-04-13T12:55:00Z
10
value 0.01378
scoring_system epss
scoring_elements 0.80288
published_at 2026-04-16T12:55:00Z
11
value 0.01378
scoring_system epss
scoring_elements 0.8029
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3192
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3192
11
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
12
reference_url https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/0411435bac835de88a80a64b3f67b1b89244e907
13
reference_url https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/38b8262e1e2db9be9d2171d81547da5c65ba7e09
14
reference_url https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee796242
15
reference_url https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/5a711c05ec750f069235597173084c2ee7962424
16
reference_url https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/9c3580d04e84d25a90ef4c249baee1b4e02df15e
17
reference_url https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/d79ec68db40c381b8e205af52748ebd3163ee33b
18
reference_url https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/e4651d6b50c5bc85c84ff537859c212ac4e33434
19
reference_url https://github.com/spring-projects/spring-framework/issues/17727
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/17727
20
reference_url https://github.com/spring-projects/spring-framework/issues/20352
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/20352
21
reference_url https://jira.spring.io/browse/SPR-13136
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-13136
22
reference_url https://jira.spring.io/browse/SPR-13136?redirect=false
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/SPR-13136?redirect=false
23
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
24
reference_url https://spring.io/security/cve-2015-3192
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spring.io/security/cve-2015-3192
25
reference_url http://www.securityfocus.com/bid/90853
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/90853
26
reference_url http://www.securitytracker.com/id/1036587
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036587
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1239002
reference_id 1239002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1239002
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
reference_id 796137
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
52
reference_url http://pivotal.io/security/cve-2015-3192
reference_id CVE-2015-3192
reference_type
scores
url http://pivotal.io/security/cve-2015-3192
53
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3192
reference_id CVE-2015-3192
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3192
54
reference_url https://github.com/advisories/GHSA-6v7w-535j-rq5m
reference_id GHSA-6v7w-535j-rq5m
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6v7w-535j-rq5m
55
reference_url https://access.redhat.com/errata/RHSA-2016:1592
reference_id RHSA-2016:1592
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1592
56
reference_url https://access.redhat.com/errata/RHSA-2016:1593
reference_id RHSA-2016:1593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1593
57
reference_url https://access.redhat.com/errata/RHSA-2016:2035
reference_id RHSA-2016:2035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2035
58
reference_url https://access.redhat.com/errata/RHSA-2016:2036
reference_id RHSA-2016:2036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2036
59
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.1.7
purl pkg:maven/org.springframework/spring-core@4.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.7
1
url pkg:maven/org.springframework/spring-core@4.1.7.RELEASE
purl pkg:maven/org.springframework/spring-core@4.1.7.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-6ysx-5wcw-f7b5
2
vulnerability VCID-c74k-e1me-pfb2
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dfs4-emmn-f3eb
5
vulnerability VCID-k17s-ttg2-ubgj
6
vulnerability VCID-pb7f-yasx-17ag
7
vulnerability VCID-w6br-v2gm-j7gr
8
vulnerability VCID-y3uz-etva-sufh
9
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.7.RELEASE
aliases CVE-2015-3192, GHSA-6v7w-535j-rq5m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nff-p7we-tuax
1
url VCID-53gt-nbgk-hyc2
vulnerability_id VCID-53gt-nbgk-hyc2
summary Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
reference_id
reference_type
scores
url http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000054.html
1
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000054
2
reference_url http://jvn.jp/en/jp/JVN49154900/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN49154900/index.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-0720.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0720.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3578.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3578
reference_id
reference_type
scores
0
value 0.04358
scoring_system epss
scoring_elements 0.88961
published_at 2026-04-21T12:55:00Z
1
value 0.04358
scoring_system epss
scoring_elements 0.88899
published_at 2026-04-01T12:55:00Z
2
value 0.04358
scoring_system epss
scoring_elements 0.88907
published_at 2026-04-02T12:55:00Z
3
value 0.04358
scoring_system epss
scoring_elements 0.88923
published_at 2026-04-04T12:55:00Z
4
value 0.04358
scoring_system epss
scoring_elements 0.88925
published_at 2026-04-07T12:55:00Z
5
value 0.04358
scoring_system epss
scoring_elements 0.88944
published_at 2026-04-08T12:55:00Z
6
value 0.04358
scoring_system epss
scoring_elements 0.88949
published_at 2026-04-09T12:55:00Z
7
value 0.04358
scoring_system epss
scoring_elements 0.8896
published_at 2026-04-11T12:55:00Z
8
value 0.04358
scoring_system epss
scoring_elements 0.88954
published_at 2026-04-12T12:55:00Z
9
value 0.04358
scoring_system epss
scoring_elements 0.88953
published_at 2026-04-13T12:55:00Z
10
value 0.04358
scoring_system epss
scoring_elements 0.88966
published_at 2026-04-16T12:55:00Z
11
value 0.04358
scoring_system epss
scoring_elements 0.88964
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3578
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131882
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1131882
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3578
8
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
9
reference_url https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/748167bfa33c3c69db2d8dbdc3a0e9da692da3a0
10
reference_url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1
11
reference_url https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/8ee465103850a3dca018273fe5952e40d5c45a66
12
reference_url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb
13
reference_url https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
14
reference_url https://github.com/spring-projects/spring-framework/issues/16414
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/16414
15
reference_url https://jira.spring.io/browse/SPR-12354
reference_id
reference_type
scores
url https://jira.spring.io/browse/SPR-12354
16
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
17
reference_url https://rhn.redhat.com/errata/RHSA-2015-0234.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2015-0234.html
18
reference_url https://rhn.redhat.com/errata/RHSA-2015-0235.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2015-0235.html
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733
reference_id 760733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733
20
reference_url http://pivotal.io/security/cve-2014-3578
reference_id CVE-2014-3578
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pivotal.io/security/cve-2014-3578
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3578
reference_id CVE-2014-3578
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3578
22
reference_url http://www.pivotal.io/security/cve-2014-3578
reference_id CVE-2014-3578
reference_type
scores
url http://www.pivotal.io/security/cve-2014-3578
23
reference_url https://github.com/advisories/GHSA-rhcg-rwhx-qj3j
reference_id GHSA-rhcg-rwhx-qj3j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhcg-rwhx-qj3j
24
reference_url https://access.redhat.com/errata/RHSA-2015:0234
reference_id RHSA-2015:0234
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0234
25
reference_url https://access.redhat.com/errata/RHSA-2015:0235
reference_id RHSA-2015:0235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0235
26
reference_url https://access.redhat.com/errata/RHSA-2015:0675
reference_id RHSA-2015:0675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0675
27
reference_url https://access.redhat.com/errata/RHSA-2015:0720
reference_id RHSA-2015:0720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0720
28
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.0.5
purl pkg:maven/org.springframework/spring-core@4.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.0.5
1
url pkg:maven/org.springframework/spring-core@4.0.5.RELEASE
purl pkg:maven/org.springframework/spring-core@4.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-3rev-eg6f-tkb7
2
vulnerability VCID-6ysx-5wcw-f7b5
3
vulnerability VCID-c74k-e1me-pfb2
4
vulnerability VCID-cyjt-4vjn-mbc7
5
vulnerability VCID-dfs4-emmn-f3eb
6
vulnerability VCID-k17s-ttg2-ubgj
7
vulnerability VCID-pb7f-yasx-17ag
8
vulnerability VCID-w6br-v2gm-j7gr
9
vulnerability VCID-y3uz-etva-sufh
10
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.0.5.RELEASE
aliases CVE-2014-3578, GHSA-rhcg-rwhx-qj3j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53gt-nbgk-hyc2
2
url VCID-ec6g-dnjb-vycb
vulnerability_id VCID-ec6g-dnjb-vycb
summary Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5211
reference_id
reference_type
scores
0
value 0.01918
scoring_system epss
scoring_elements 0.83266
published_at 2026-04-01T12:55:00Z
1
value 0.01918
scoring_system epss
scoring_elements 0.83373
published_at 2026-04-21T12:55:00Z
2
value 0.01918
scoring_system epss
scoring_elements 0.83371
published_at 2026-04-18T12:55:00Z
3
value 0.01918
scoring_system epss
scoring_elements 0.8337
published_at 2026-04-16T12:55:00Z
4
value 0.01918
scoring_system epss
scoring_elements 0.83335
published_at 2026-04-13T12:55:00Z
5
value 0.01918
scoring_system epss
scoring_elements 0.83339
published_at 2026-04-12T12:55:00Z
6
value 0.01918
scoring_system epss
scoring_elements 0.83345
published_at 2026-04-11T12:55:00Z
7
value 0.01918
scoring_system epss
scoring_elements 0.8333
published_at 2026-04-09T12:55:00Z
8
value 0.01918
scoring_system epss
scoring_elements 0.83321
published_at 2026-04-08T12:55:00Z
9
value 0.01918
scoring_system epss
scoring_elements 0.83297
published_at 2026-04-07T12:55:00Z
10
value 0.01918
scoring_system epss
scoring_elements 0.83283
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5211
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
2
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
3
reference_url https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3
4
reference_url https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543
5
reference_url https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402
6
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
7
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector
8
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
reference_id
reference_type
scores
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
9
reference_url http://pivotal.io/security/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
url http://pivotal.io/security/cve-2015-5211
10
reference_url https://access.redhat.com/security/cve/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
url https://access.redhat.com/security/cve/cve-2015-5211
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5211
reference_id CVE-2015-5211
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5211
12
reference_url https://pivotal.io/security/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2015-5211
13
reference_url https://github.com/advisories/GHSA-pgf9-h69p-pcgf
reference_id GHSA-pgf9-h69p-pcgf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pgf9-h69p-pcgf
14
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.1.8
purl pkg:maven/org.springframework/spring-core@4.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.8
1
url pkg:maven/org.springframework/spring-core@4.2.2
purl pkg:maven/org.springframework/spring-core@4.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2
aliases CVE-2015-5211, GHSA-pgf9-h69p-pcgf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6g-dnjb-vycb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.0.0