Description
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Remediation
References
https://pivotal.io/security/cve-2014-0225
Related Vulnerabilities
CVE-2012-4534 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2023-31141 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2020-27219 Vulnerability in maven package org.eclipse.hawkbit:hawkbit-update-server
CVE-2021-21172 Vulnerability in npm package electron
CVE-2022-41226 Vulnerability in maven package com.compuware.jenkins:compuware-common-configuration