Vulnerabilities > Pivotal Software > Spring Framework > 4.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-05-25 CVE-2016-5007 Permissions, Privileges, and Access Controls vulnerability in multiple products
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.
network
low complexity
pivotal-software vmware CWE-264
7.5
2016-07-12 CVE-2015-3192 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
5.5