VulnerableCode Package Details - pkg:maven/org.springframework/spring-core@4.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-2nff-p7we-tuax Aliases: CVE-2015-3192 GHSA-6v7w-535j-rq5m	Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.	4.1.7 Affected by 0 other vulnerabilities. 4.1.7.RELEASE Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-53gt-nbgk-hyc2 Aliases: CVE-2014-3578 GHSA-rhcg-rwhx-qj3j	Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.	4.0.5 Affected by 0 other vulnerabilities. 4.0.5.RELEASE Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ec6g-dnjb-vycb Aliases: CVE-2015-5211 GHSA-pgf9-h69p-pcgf	Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.	4.1.8 Affected by 0 other vulnerabilities. 4.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2nff-p7we-tuax
Aliases:
CVE-2015-3192
GHSA-6v7w-535j-rq5m

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

4.1.7
Affected by 0 other vulnerabilities.

4.1.7.RELEASE
Affected by 10 other vulnerabilities.

VCID-53gt-nbgk-hyc2
Aliases:
CVE-2014-3578
GHSA-rhcg-rwhx-qj3j

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

4.0.5
Affected by 0 other vulnerabilities.

4.0.5.RELEASE
Affected by 11 other vulnerabilities.

VCID-ec6g-dnjb-vycb
Aliases:
CVE-2015-5211
GHSA-pgf9-h69p-pcgf

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

4.1.8
Affected by 0 other vulnerabilities.

4.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:30:09.120662+00:00	GHSA Importer	Affected by	VCID-53gt-nbgk-hyc2	https://github.com/advisories/GHSA-rhcg-rwhx-qj3j	38.1.0
2026-04-01T15:56:59.593902+00:00	GHSA Importer	Affected by	VCID-ec6g-dnjb-vycb	https://github.com/advisories/GHSA-pgf9-h69p-pcgf	38.0.0
2026-04-01T12:50:35.304457+00:00	GitLab Importer	Affected by	VCID-53gt-nbgk-hyc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2014-3578.yml	38.0.0
2026-04-01T12:48:04.916604+00:00	GitLab Importer	Affected by	VCID-2nff-p7we-tuax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2015-3192.yml	38.0.0