CVE Tools

springsource

OSS Librariescommercial

6

Cumulative CVEs

4

Monthly snapshots

#57

Peak rank

Top products

spring framework2

Latest CVEs

The 9 most recently published vulnerabilities affecting springsource.

CVE-2014-0054The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arb...6.8Apr 17, 2014
CVE-2013-4152The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary ...6.8Jan 23, 2014
CVE-2013-7315The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to r...6.8Jan 23, 2014
CVE-2011-2730VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows ...7.5Dec 5, 2012
CVE-2012-1833VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrar...5.0Sep 28, 2012
CVE-2010-1622SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classL...6.0Jun 21, 2010
CVE-2009-2907Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic...4.3Mar 24, 2010
CVE-2009-2898Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; ...3.5Oct 13, 2009
CVE-2009-2897Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x be...4.3Oct 13, 2009