Описание
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.3.14-1 |
| cosmic | not-affected | 4.3.14-1 |
| devel | not-affected | 4.3.14-1 |
| disco | not-affected | 4.3.14-1 |
| eoan | not-affected | 4.3.14-1 |
| esm-apps/bionic | not-affected | 4.3.14-1 |
| esm-apps/focal | not-affected | 4.3.14-1 |
| esm-apps/jammy | not-affected | 4.3.14-1 |
| esm-apps/xenial | released | 3.2.13-5ubuntu0.1~esm1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not pro ...
Pivotal Spring Framework DoS Attack with XML Input
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3