Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-oxm@3.2.9.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.9.RELEASE
Next non-vulnerable version 4.2.9.RELEASE
Latest non-vulnerable version 5.2.9.RELEASE
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-y3uz-etva-sufh
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w
Improper Input Validation in Spring Framework In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
4.2.9.RELEASE
Affected by 0 other vulnerabilities.
4.3.28.RELEASE
Affected by 0 other vulnerabilities.
4.3.29.RELEASE
Affected by 0 other vulnerabilities.
5.0.18.RELEASE
Affected by 0 other vulnerabilities.
5.0.19.RELEASE
Affected by 0 other vulnerabilities.
5.1.17.RELEASE
Affected by 0 other vulnerabilities.
5.1.18.RELEASE
Affected by 0 other vulnerabilities.
5.2.8.RELEASE
Affected by 0 other vulnerabilities.
5.2.9.RELEASE
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-r384-aque-vqcw When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. CVE-2014-0225
GHSA-f93f-g33r-8pcp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:12:06.385682+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2020-5421.yml 38.4.0
2026-04-16T20:37:03.904012+00:00 GitLab Importer Fixing VCID-r384-aque-vqcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2014-0225.yml 38.4.0
2026-04-11T22:24:04.281145+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2020-5421.yml 38.3.0
2026-04-11T21:47:39.982562+00:00 GitLab Importer Fixing VCID-r384-aque-vqcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2014-0225.yml 38.3.0
2026-04-02T22:36:01.019505+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2020-5421.yml 38.1.0
2026-04-02T22:01:35.831618+00:00 GitLab Importer Fixing VCID-r384-aque-vqcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2014-0225.yml 38.1.0
2026-04-01T16:53:16.523397+00:00 GitLab Importer Affected by VCID-y3uz-etva-sufh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2020-5421.yml 38.0.0
2026-04-01T12:47:14.790713+00:00 GitLab Importer Fixing VCID-r384-aque-vqcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-oxm/CVE-2014-0225.yml 38.0.0