Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2020-1950 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2023-29016 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2022-29247 Vulnerability in npm package electron
CVE-2023-0868 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2015-5348 Vulnerability in maven package org.apache.camel:camel-http4