Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2023-36472 Vulnerability in npm package @strapi/admin
CVE-2023-44487 Vulnerability in maven package io.helidon.http:helidon-http-http2
CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai
CVE-2014-0034 Vulnerability in maven package org.apache.cxf.services.sts:cxf-services-sts-core