Description

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Remediation

References

https://pivotal.io/security/cve-2019-3773

https://security.netapp.com/advisory/ntap-20231227-0011/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpujan2021.html

Related Vulnerabilities

CVE-2022-31179 Vulnerability in npm package shescape

CVE-2022-41933 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2023-29511 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

CVE-2021-43138 Vulnerability in maven package org.webjars.bowergithub.caolan:async

CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Patch Third Party Advisory Not Applicable