Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework
Aug 22 2013 03:06PM
Pivotal Security Team (security gopivotal com)
Vendor: Spring by Pivotal
- 3.0.0 to 3.2.3 (Spring OXM & Spring MVC)
- 4.0.0.M1 (Spring OXM)
- 4.0.0.M1-4.0.0.M2 (Spring MVC)
- Earlier unsupported versions may also be affected
The Spring OXM wrapper did not expose any property for disabling en...
[ more ]
Copyright 2010, SecurityFocus