Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hb8j-4quw-fyhy
Vulnerability ID VCID-hb8j-4quw-fyhy
Aliases CVE-2014-0054
GHSA-8cmm-qj8g-fcp6
Summary XML External Entities This package does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0400.html
epss 0.02548 https://api.first.org/data/v1/epss?cve=CVE-2014-0054
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/1a8629d40825c073b6863ae2ab748b647b28506a
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/1c5cab2a4069ec3239c531d741aeb07a434f521b
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/fb0683c066e74e9667d6cd8c5fa01f674c68c3be
generic_textual MODERATE https://github.com/spring-projects/spring-framework/issues/16003
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-0054
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2014-0400.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0054.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1904
https://github.com/spring-projects/spring-framework/commit/1a8629d40825c073b6863ae2ab748b647b28506a
https://github.com/spring-projects/spring-framework/commit/1c5cab2a4069ec3239c531d741aeb07a434f521b
https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398
https://github.com/spring-projects/spring-framework/commit/fb0683c066e74e9667d6cd8c5fa01f674c68c3be
https://github.com/spring-projects/spring-framework/issues/16003
https://jira.spring.io/browse/SPR-11376
https://nvd.nist.gov/vuln/detail/CVE-2014-0054
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0054
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
1075328 https://bugzilla.redhat.com/show_bug.cgi?id=1075328
741604 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741604
CVE-2014-0054 http://www.pivotal.io/security/cve-2014-0054
RHSA-2014:0400 https://access.redhat.com/errata/RHSA-2014:0400
RHSA-2014:0401 https://access.redhat.com/errata/RHSA-2014:0401
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.85755
EPSS Score 0.02548
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:36:15.008424+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-0054.yml 38.6.0