admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2014/0xxx/CVE-2014-0225.json
CVE Team 620dd1c52b
"-Synchronized-Data."
2019-03-18 06:38:12 +00:00

68 lines
2.2 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.0.4"
},
{
"version_value": "3.0.0 to 3.2.8"
},
{
"version_value": "Earlier unsupported versions may be affected"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2014-0225",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2014-0225"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink