DEBIAN-CVE-2014-0225

DEBIAN-CVE-2014-0225 PUBLISHED CVSS 8.800000190734863 HIGH

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Risk Scores

CVSS 3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	libspring-java	0, 0, 0
Debian:11	libspring-java	0, 0, 0
Debian:14	libspring-java	0, 0, 0
Debian:12	libspring-java	0, 0, 0

Timeline

May 25, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-0225 advisory

Open in Interactive Console →