Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libspring-java@3.0.6.RELEASE-14?distro=trixie
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-14?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-r384-aque-vqcw When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. CVE-2014-0225
GHSA-f93f-g33r-8pcp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:14:35.139254+00:00 Debian Importer Fixing VCID-r384-aque-vqcw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:07:07.114617+00:00 Debian Importer Fixing VCID-r384-aque-vqcw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:29:40.880294+00:00 Debian Importer Fixing VCID-r384-aque-vqcw https://security-tracker.debian.org/tracker/data/json 38.1.0