External Entity Resolution Vulnerability in Spring Framework by Pivotal
CVE-2013-6429

Key Information:

Vendor: Pivotal
CVE Published: 26 January 2014

What is CVE-2013-6429?

The SourceHttpMessageConverter in the Spring MVC component of the Spring Framework does not disable external entity resolution when it parses XML request bodies, which makes it susceptible to an XML External Entity (XXE) issue. A remote attacker who submits crafted XML can have the server resolve external entities, potentially gaining unauthorized access to sensitive files, causing a denial of service, or carrying out cross-site request forgery (CSRF) attacks. Applications running affected Spring versions are at significant risk, and remediation should not be delayed.
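The fix for this class of bug is to hand downstream code an XML Source whose parser never resolves DTDs or external entities. The following added example (not Spring's own code; the class name, the constructed sample document and the PLACEHOLDER_PATH entity target are assumptions) builds such a hardened SAXSource with the standard JDK parser and shows that a document carrying an external entity declaration is rejected before anything is resolved, while plain XML still passes through.

```java
import java.io.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.*;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import org.xml.sax.*;

public class HardenedSourceDemo {

    // Constructed sample: an inline DTD declaring an external entity that points at a placeholder path.
    static final String EXTERNAL_ENTITY_XML =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER_PATH\">]>\n"
        + "<doc>&ext;</doc>";
    static final String PLAIN_XML = "<doc>hello</doc>";

    /** Wraps the XML in a SAXSource whose reader refuses DTDs and external entities. */
    static Source hardenedSource(String xml) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE: without a DTD there can be no entity declarations at all.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth if DOCTYPE were ever re-enabled: never resolve external entities or DTDs.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        XMLReader reader = factory.newSAXParser().getXMLReader();
        return new SAXSource(reader, new InputSource(new StringReader(xml)));
    }

    /** Consumes the Source the way a downstream component would; returns the serialized result. */
    static String consume(Source source) throws Exception {
        StringWriter out = new StringWriter();
        // An identity transform drives the SAXSource's own reader, so its features govern parsing.
        TransformerFactory.newInstance().newTransformer().transform(source, new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("plain: " + consume(hardenedSource(PLAIN_XML)));
        try {
            consume(hardenedSource(EXTERNAL_ENTITY_XML));
            System.out.println("UNEXPECTED: external entity document was accepted");
        } catch (Exception e) {
            // Expected path: the parser refuses the DOCTYPE before any entity can be resolved.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```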

EPSS Score: 90% chance of being exploited in the next 30 days.
