CVE-2015-3192 – org.springframework:spring-web
Package
Manager: maven
Name: org.springframework:spring-web
Vulnerable Version: >=0 <3.2.14 || >=4.0.0 <4.1.7 || =5.0.0.rc2 || >=5.0.0.rc2 <5.0.0.rc3
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01378 (percentile 0.79537)
Details
Pivotal Spring Framework DoS Attack with XML Input
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Metadata
Created: 2018-10-17T20:29:12Z
Modified: 2024-03-05T18:17:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-6v7w-535j-rq5m/GHSA-6v7w-535j-rq5m.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-6v7w-535j-rq5m
Finding: F316
Auto approve: 1