VulnerableCode Package Details - pkg:deb/debian/libspring-java@3.0.6.RELEASE-11?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-asmf-3c71-gqcb	The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.	CVE-2013-6430 GHSA-xjrf-8x4f-43h4
VCID-mvx7-2y3s-fbbb	The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.	CVE-2013-6429 GHSA-g6hf-f9cq-q7w7

Vulnerability

Summary

Aliases

VCID-asmf-3c71-gqcb

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

CVE-2013-6430
GHSA-xjrf-8x4f-43h4

VCID-mvx7-2y3s-fbbb

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

CVE-2013-6429
GHSA-g6hf-f9cq-q7w7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:22:02.446714+00:00	Debian Importer	Fixing	VCID-asmf-3c71-gqcb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:11:10.808217+00:00	Debian Importer	Fixing	VCID-mvx7-2y3s-fbbb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:12:55.108160+00:00	Debian Importer	Fixing	VCID-asmf-3c71-gqcb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:55.561266+00:00	Debian Importer	Fixing	VCID-mvx7-2y3s-fbbb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:29:40.690588+00:00	Debian Importer	Fixing	VCID-asmf-3c71-gqcb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:40.642893+00:00	Debian Importer	Fixing	VCID-mvx7-2y3s-fbbb	https://security-tracker.debian.org/tracker/data/json	38.1.0