EPSS
Percentile
72.6%
spring-data-commons is vulnerable to XML external entity (XXE) attacks. The application does not explicitly disable document type declarations by default, allowing a malicious user to pass an XML file that can lead to information disclosure.
access.redhat.com/errata/RHSA-2018:1809
access.redhat.com/errata/RHSA-2018:3768
jira.spring.io/browse/DATACMNS-1292
pivotal.io/security/cve-2018-1259
www.oracle.com/security-alerts/cpujul2022.html