CVE-2019-3773

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3773

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3773.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3773

Aliases

GHSA-8222-6fc8-mhvf

Published

2019-01-18T22:29:01Z

Modified

2025-02-19T02:58:10.743183Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

Affected packages

Git / github.com/spring-projects/spring-ws

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-ws
Events: Introduced

b847cc0ca811e5fb6e4be8adb4f15a4e02ec4fa2

Last affected

92370fbbb2e05e02e9ae644ea1bdd8f42886482a

Last affected

9ef17e0626ae69d32491df461204f76017b12352

Affected versions

v3.*

v3.0.0.RELEASE

v3.0.1.RELEASE

v3.0.2.RELEASE

v3.0.3.RELEASE

v3.0.4.RELEASE