Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2019-10381 Vulnerability in maven package org.jenkins-ci.plugins:codefresh
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-client-all
CVE-2021-38384 Vulnerability in npm package serverless-offline
CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui