VulnerableCode Package Details - pkg:deb/debian/libspring-java@3.0.6.RELEASE-10?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-e7xv-sdvz-g7e4	The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.	CVE-2013-4152 GHSA-rp4p-g69r-438x
VCID-eer8-apxc-2ue6	The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.	CVE-2013-7315 GHSA-vp63-rrcm-9mph

Vulnerability

Summary

Aliases

VCID-e7xv-sdvz-g7e4

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVE-2013-4152
GHSA-rp4p-g69r-438x

VCID-eer8-apxc-2ue6

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

CVE-2013-7315
GHSA-vp63-rrcm-9mph

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:11:51.260239+00:00	Debian Importer	Fixing	VCID-eer8-apxc-2ue6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:05:22.222838+00:00	Debian Importer	Fixing	VCID-e7xv-sdvz-g7e4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:04:54.747447+00:00	Debian Importer	Fixing	VCID-eer8-apxc-2ue6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:15:46.511267+00:00	Debian Importer	Fixing	VCID-e7xv-sdvz-g7e4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:29:40.738565+00:00	Debian Importer	Fixing	VCID-eer8-apxc-2ue6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:40.590588+00:00	Debian Importer	Fixing	VCID-e7xv-sdvz-g7e4	https://security-tracker.debian.org/tracker/data/json	38.1.0