CVE-2019-3773

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3773

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3773.json

Aliases

GHSA-8222-6fc8-mhvf

Published

2019-01-18T22:29:01Z

Modified

2023-12-27T16:46:21.411552Z

Details

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html

Affected packages

Git / github.com/spring-projects/spring-ws

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-ws
Events: Last affected

9ef17e0626ae69d32491df461204f76017b12352

Introduced

b847cc0ca811e5fb6e4be8adb4f15a4e02ec4fa2

Last affected

92370fbbb2e05e02e9ae644ea1bdd8f42886482a

Affected versions

v3.*

v3.0.0.RELEASE

v3.0.1.RELEASE

v3.0.2.RELEASE

v3.0.3.RELEASE

v3.0.4.RELEASE