CVE-2014-0225

State: PUBLISHED · Published: 2017-05-25 · Updated: 2024-08-06 · Assigner: dell

Description

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

CWE

(none)

Affected

Pivotal / Spring Framework — v=4.0.0 to 4.0.4 [affected]; v=3.0.0 to 3.2.8 [affected]; v=Earlier unsupported versions may be affected [affected]

CVSS

(none)

References

https://pivotal.io/security/cve-2014-0225 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2014/0xxx/CVE-2014-0225.json