CVE-2019-3773

Description

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Affected products

• Spring / Spring Web Services3.0 – v3.0.4.RELEASE
• Spring / Spring Web Services2.4 – v2.4.3.RELEASE

References

• VENDOR_ADVISORYhttps://www.oracle.com/security-alerts/cpujan2021.html
• MISChttps://pivotal.io/security/cve-2019-3773
• VENDOR_ADVISORYhttps://www.oracle.com/security-alerts/cpuApr2021.html
• VENDOR_ADVISORYhttps://www.oracle.com//security-alerts/cpujul2021.html
• MISChttps://security.netapp.com/advisory/ntap-20231227-0011/