XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

CVE-2026-40991

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

VMware Spring REST Docs 代码问题漏洞

VMware Spring REST Docs is a REST API documentation generation framework developed by VMware, Inc. There are code-related vulnerabilities in VMware Spring REST Docs. These vulnerabilities arise when using spring-restdocs-webtestclient or spring-restdocs-restassistant to record remote APIs accesse...

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

CVE-2026-40991

The CVE-2026-40991 issue affects Spring REST Docs: 4.0.0; 3.0.0–3.0.5; and 2.0.0.RELEASE–2.0.8.RELEASE. When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote HTTP API, an attacker who compromises the API or tricks a user into documenting a malicious API can ...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improperly configured XML parsing in the PrettyPrintingContentModifier and XmlContentHandler classes, in PrettyPrintingContentModifier.java and payload/XmlContentHandler.java. When the...

PT-2026-48306

Name of the Vulnerable Software and Affected Versions Spring REST Docs version 4.0.0 Spring REST Docs versions 3.0.0 through 3.0.5 Spring REST Docs versions 2.0.0.RELEASE through 2.0.8.RELEASE Description An XXE XML External Entity injection attack can occur when using spring-restdocs-webtestclie...

This Week in Spring - October 22nd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...

This Week in Spring - November 22nd, 2022 - Spring Boot 3 and Thanksgiving edition!

Hi, Spring fans! Its Tuesday, the 22nd of November, 2022, as I write this, which means were two days away from Spring Boot 3 and Thanksgiving. Spring Boot 3, Ive written about in abundance so I wont rehash that. If you want to learn more about some of the amazing new features in Spring Framework ...