Package details: pkg:deb/debian/libspring-java@3.0.6.RELEASE-13?distro=trixie
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ajex-5x84-8ygb | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. | CVE-2014-1904, GHSA-ff7p-jqjm-v66h |
| VCID-vkf8-5z5m-wqc7 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. | CVE-2014-0054, GHSA-8cmm-qj8g-fcp6 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T13:10:53.815524+00:00 | Debian Importer | Fixing | VCID-vkf8-5z5m-wqc7 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:48:47.857442+00:00 | Debian Importer | Fixing | VCID-ajex-5x84-8ygb | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T09:04:11.364128+00:00 | Debian Importer | Fixing | VCID-vkf8-5z5m-wqc7 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:33:25.746337+00:00 | Debian Importer | Fixing | VCID-ajex-5x84-8ygb | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:29:40.929003+00:00 | Debian Importer | Fixing | VCID-ajex-5x84-8ygb | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:29:40.788647+00:00 | Debian Importer | Fixing | VCID-vkf8-5z5m-wqc7 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |