VulnerableCode Package Details - pkg:maven/org.springframework/spring-webmvc@4.0-alpha0

Search for packages

Vulnerability	Summary	Fixed by
VCID-hb8j-4quw-fyhy Aliases: CVE-2014-0054 GHSA-8cmm-qj8g-fcp6	XML External Entities This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.	4.0.2 Affected by 0 other vulnerabilities. 4.0.2.RELEASE Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kvhz-7nfu-2kdx Aliases: CVE-2014-3578 GHSA-rhcg-rwhx-qj3j	Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via a crafted URL.	4.0.5.RELEASE Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tj95-xfgu-pya7 Aliases: CVE-2014-3625 GHSA-hhm4-hwq6-3c6w	Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.	4.0.8 Affected by 0 other vulnerabilities. 4.0.8.RELEASE Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.2 Affected by 0 other vulnerabilities. 4.1.2.RELEASE Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-hb8j-4quw-fyhy
Aliases:
CVE-2014-0054
GHSA-8cmm-qj8g-fcp6

XML External Entities This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

4.0.2
Affected by 0 other vulnerabilities.

4.0.2.RELEASE
Affected by 5 other vulnerabilities.

VCID-kvhz-7nfu-2kdx
Aliases:
CVE-2014-3578
GHSA-rhcg-rwhx-qj3j

Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via a crafted URL.

4.0.5.RELEASE
Affected by 4 other vulnerabilities.

VCID-tj95-xfgu-pya7
Aliases:
CVE-2014-3625
GHSA-hhm4-hwq6-3c6w

Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

4.0.8
Affected by 0 other vulnerabilities.

4.0.8.RELEASE
Affected by 3 other vulnerabilities.

4.1.2
Affected by 0 other vulnerabilities.

4.1.2.RELEASE
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:21.573987+00:00	GitLab Importer	Affected by	VCID-kvhz-7nfu-2kdx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-3578.yml	38.6.0
2026-06-02T04:36:19.850801+00:00	GitLab Importer	Affected by	VCID-tj95-xfgu-pya7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-3625.yml	38.6.0
2026-06-02T04:36:15.030009+00:00	GitLab Importer	Affected by	VCID-hb8j-4quw-fyhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-0054.yml	38.6.0