Package details: pkg:maven/org.springframework/spring-web@3.2.4.RELEASE
purl pkg:maven/org.springframework/spring-web@3.2.4.RELEASE
Next non-vulnerable version 3.2.5.RELEASE
Latest non-vulnerable version 6.1.6
Risk
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-7zcx-qpsn-zuem (Aliases: CVE-2013-6429) | XML External Entity (XXE) injection. The `SourceHttpMessageConverter` in this package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML. | 3.2.5.RELEASE (affected by 0 other vulnerabilities); 4.0.0.RELEASE (affected by 0 other vulnerabilities) |
Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-gwpy-9eej-kbgd | XML External Entity (XXE) injection. This package does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. | CVE-2013-7315, GHSA-vp63-rrcm-9mph |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-02T04:36:13.375400+00:00 | GitLab Importer | Affected by | VCID-7zcx-qpsn-zuem | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2013-6429.yml | 38.6.0 |
| 2026-06-02T04:36:13.258688+00:00 | GitLab Importer | Fixing | VCID-gwpy-9eej-kbgd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2013-7315.yml | 38.6.0 |