Pivotal Software Spring Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Pivotal Software Spring Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2014-0225 — CVSS 8.8 (high): When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions…
CVE-2016-5007 — CVSS 7.5 (high): Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization…
CVE-2016-9878 — CVSS 7.5 (high): An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the…
CVE-2013-6429 — CVSS 6.8 (medium): The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external…
CVE-2015-3192 — CVSS 5.5 (medium): Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely…
CVE-2013-6430 — CVSS 5.4 (medium): The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not…
CVE-2014-3578 — CVSS 5.0 (medium): Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read…
CVE-2014-3625 — CVSS 5.0 (medium): Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2…
CVE-2015-0201 — CVSS 5.0 (medium): The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to…
CVE-2014-1904 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and…