VulnerableCode Package Details - pkg:maven/org.springframework/spring-web@4-alpha0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7zcx-qpsn-zuem Aliases: CVE-2013-6429	XML External Entity (XXE) injection The `SourceHttpMessageConverter` in this package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML.	4.0.0.RELEASE Affected by 0 other vulnerabilities.
VCID-gwpy-9eej-kbgd Aliases: CVE-2013-7315 GHSA-vp63-rrcm-9mph	XML External Entity (XXE) injection This package does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.	4.0.0.RELEASE Affected by 0 other vulnerabilities.
VCID-ncq1-u2qu-77ec Aliases: CVE-2015-3192 GHSA-6v7w-535j-rq5m	DoS Attack with XML Input This package do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.	4.1.7.RELEASE Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7zcx-qpsn-zuem
Aliases:
CVE-2013-6429

XML External Entity (XXE) injection The `SourceHttpMessageConverter` in this package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML.

4.0.0.RELEASE
Affected by 0 other vulnerabilities.

VCID-gwpy-9eej-kbgd
Aliases:
CVE-2013-7315
GHSA-vp63-rrcm-9mph

XML External Entity (XXE) injection This package does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

4.0.0.RELEASE
Affected by 0 other vulnerabilities.

VCID-ncq1-u2qu-77ec
Aliases:
CVE-2015-3192
GHSA-6v7w-535j-rq5m

DoS Attack with XML Input This package do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

4.1.7.RELEASE
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:36.773974+00:00	GitLab Importer	Affected by	VCID-ncq1-u2qu-77ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2015-3192.yml	38.6.0
2026-06-02T04:36:13.379291+00:00	GitLab Importer	Affected by	VCID-7zcx-qpsn-zuem	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2013-6429.yml	38.6.0
2026-06-02T04:36:13.238994+00:00	GitLab Importer	Affected by	VCID-gwpy-9eej-kbgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2013-7315.yml	38.6.0