Improper resource allocation - Buffer overflow in org.springframework:spring-web
Description
Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| maven | 3.2.14, 4.1.7, 5.0.0.rc3 | | |
| maven | 3.2.14, 4.1.7 | | |
| debian 12 | 4.1.9-1 | | |
| debian 13 | 4.1.9-1 | | |
| debian 14 | 4.1.9-1 | | |
| debian 11 | 4.1.9-1 | | |