GHSA-8222-6fc8-mhvf
- Source
- https://github.com/advisories/GHSA-8222-6fc8-mhvf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-8222-6fc8-mhvf/GHSA-8222-6fc8-mhvf.json
- Aliases
- Published
- 2019-01-25T16:18:52Z
- Modified
- 2023-11-08T04:01:34.038846Z
- Details
-
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-3773
- https://github.com/advisories/GHSA-8222-6fc8-mhvf
- https://pivotal.io/security/cve-2019-3773
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Affected packages
Maven / org.springframework.ws:spring-ws
Package
- Name
- org.springframework.ws:spring-ws
Affected versions
1.*
1.0-m2
1.0-m3
1.0-rc1
1.0-rc2
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
2.*
2.0.0-M1
2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.1.0.RELEASE
2.1.1.RELEASE
2.1.2.RELEASE
2.1.3.RELEASE
2.1.4.RELEASE
2.4.1.RELEASE
2.4.2.RELEASE
2.4.3.RELEASE
Maven / org.springframework.ws:spring-ws
Package
- Name
- org.springframework.ws:spring-ws
Maven / org.springframework.ws:spring-xml
Package
- Name
- org.springframework.ws:spring-xml
Affected versions
1.*
1.0-m2
1.0-m3
1.0-rc1
1.0-rc2
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
2.*
2.0.0-M1
2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.1.0.RELEASE
2.1.1.RELEASE
2.1.2.RELEASE
2.1.3.RELEASE
2.1.4.RELEASE
2.2.0.RELEASE
2.2.1.RELEASE
2.2.2.RELEASE
2.2.3.RELEASE
2.2.4.RELEASE
2.3.0.RELEASE
2.3.1.RELEASE
2.4.0.RELEASE
2.4.1.RELEASE
2.4.2.RELEASE
2.4.3.RELEASE