Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html