Poutsma

**Name of the Vulnerable Software and Affected Versions** Spring Framework versions prior to 3.2.4 Spring Framework versions prior to 4.0.0.M1 **Description** The issue allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a DOMSource, StAXSource, SAXSource, or StreamSource, also known as an XML External Entity (XXE) issue. **Recommendations** For Spring Framework versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. For Spring Framework versions prior to 4.0.0.M1, update to version 4.0.0.M1 or later to resolve the issue.