Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete
Jan 14 2014 05:49PM
Pivotal Security Team (security gopivotal com)
Vendor: Spring by Pivotal
- Spring MVC 3.0.0 to 3.2.4
- Spring MVC 4.0.0.M1-4.0.0.RC1
- Earlier unsupported versions may be affected
Spring MVC's SourceHttpMessageConverter also processed user provided XML and
neither disabled XML external entit...
[ more ]
Copyright 2010, SecurityFocus