CVE-2013-7315 (Medium) detected in spring-web-3.1.1.RELEASE.jar #50
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2013-7315 - Medium Severity Vulnerability
null
Path to dependency file: /MS_Demo/ksa/ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar,2/repository/org/springframework/spring-web/3.1.1.RELEASE/spring-web-3.1.1.RELEASE.jar
Dependency Hierarchy:
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Publish Date: 2014-01-23
URL: CVE-2013-7315
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-7315
Release Date: 2014-01-23
Fix Resolution: 3.2.4, 4.0.0.M3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: