Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability…. Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.
Read more http://packetstormsecurity.com/files/122939/springoxm-xxe.txt