VulnerableCode Package Details - pkg:maven/org.springframework/spring-webmvc@4.0-alpha0

Search for packages

Vulnerability	Summary	Fixed by
VCID-53gt-nbgk-hyc2 Aliases: CVE-2014-3578 GHSA-rhcg-rwhx-qj3j	Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.	4.0.5.RELEASE Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9v66-xp9z-8kea Aliases: CVE-2014-3625 GHSA-hhm4-hwq6-3c6w	Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.	4.0.8 Affected by 0 other vulnerabilities. 4.0.8.RELEASE Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.2 Affected by 0 other vulnerabilities. 4.1.2.RELEASE Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vkf8-5z5m-wqc7 Aliases: CVE-2014-0054 GHSA-8cmm-qj8g-fcp6	The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.	4.0.2 Affected by 0 other vulnerabilities. 4.0.2.RELEASE Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-53gt-nbgk-hyc2
Aliases:
CVE-2014-3578
GHSA-rhcg-rwhx-qj3j

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

4.0.5.RELEASE
Affected by 5 other vulnerabilities.

VCID-9v66-xp9z-8kea
Aliases:
CVE-2014-3625
GHSA-hhm4-hwq6-3c6w

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

4.0.8
Affected by 0 other vulnerabilities.

4.0.8.RELEASE
Affected by 4 other vulnerabilities.

4.1.2
Affected by 0 other vulnerabilities.

4.1.2.RELEASE
Affected by 4 other vulnerabilities.

VCID-vkf8-5z5m-wqc7
Aliases:
CVE-2014-0054
GHSA-8cmm-qj8g-fcp6

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

4.0.2
Affected by 0 other vulnerabilities.

4.0.2.RELEASE
Affected by 7 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:46:56.226268+00:00	GitLab Importer	Affected by	VCID-53gt-nbgk-hyc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-3578.yml	38.0.0
2026-04-01T12:46:55.242098+00:00	GitLab Importer	Affected by	VCID-9v66-xp9z-8kea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-3625.yml	38.0.0
2026-04-01T12:46:52.479380+00:00	GitLab Importer	Affected by	VCID-vkf8-5z5m-wqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-0054.yml	38.0.0