CVE-2019-3773

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3773
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3773.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3773
Aliases
Withdrawn
2024-05-15T05:31:34.511889Z
Published
2019-01-18T22:29:01Z
Modified
2023-12-27T16:46:21.411552Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

Affected packages

Git / github.com/spring-projects/spring-ws

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-ws
Events

Affected versions

v3.*

v3.0.0.RELEASE
v3.0.1.RELEASE
v3.0.2.RELEASE
v3.0.3.RELEASE
v3.0.4.RELEASE