Description

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Remediation

References

https://pivotal.io/security/cve-2019-3773

https://security.netapp.com/advisory/ntap-20231227-0011/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpujan2021.html

Related Vulnerabilities

CVE-2019-1354 Vulnerability in npm package nodegit

CVE-2023-43500 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

CVE-2021-31409 Vulnerability in maven package com.vaadin:vaadin-compatibility-server

CVE-2020-2266 Vulnerability in maven package org.jenkins-ci.plugins:description-column-plugin

CVE-2021-29425 Vulnerability in maven package commons-io:commons-io

Severity

Critical

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Patch Third Party Advisory Not Applicable