Springsource Spring Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Springsource Spring Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2011-2730 — CVSS 7.5 (high): VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language…
CVE-2013-4152 — CVSS 6.8 (medium): The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution…
CVE-2013-7315 — CVSS 6.8 (medium): The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX…
CVE-2014-0054 — CVSS 6.8 (medium): The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external…
CVE-2010-1622 — CVSS 6.0 (medium): SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute…