GHSA-wr5r-m8pc-85j9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wr5r-m8pc-85j9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-wr5r-m8pc-85j9/GHSA-wr5r-m8pc-85j9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wr5r-m8pc-85j9
- Aliases
- Published
- 2019-01-25T16:18:49Z
- Modified
- 2024-11-30T05:27:23.346626Z
- Summary
- Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
- Details
-
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-611" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-06-16T22:01:07Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-3772
- https://github.com/spring-projects/spring-integration/commit/59c69ed40d3755ef59f80872e0ea711adbb13620
- https://github.com/advisories/GHSA-wr5r-m8pc-85j9
- https://pivotal.io/security/cve-2019-3772
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.securityfocus.com/bid/106749
Affected packages
Maven / org.springframework.integration:spring-integration-xml
Package
- Name
- org.springframework.integration:spring-integration-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-xml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.19
Affected versions
1.*
1.0.1.RELEASE
1.0.2.RELEASE
1.0.2.SR1
1.0.3.RELEASE
1.0.4.RELEASE
2.*
2.0.0.RELEASE
2.0.1.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.0.6.RELEASE
2.1.0.RELEASE
2.1.1.RELEASE
2.1.2.RELEASE
2.1.3.RELEASE
2.1.4.RELEASE
2.1.5.RELEASE
2.1.6.RELEASE
2.2.0.RELEASE
2.2.1.RELEASE
2.2.2.RELEASE
2.2.3.RELEASE
2.2.4.RELEASE
2.2.5.RELEASE
2.2.6.RELEASE
2.2.7.RELEASE
3.*
3.0.0.RELEASE
3.0.1.RELEASE
3.0.2.RELEASE
3.0.3.RELEASE
3.0.4.RELEASE
3.0.5.RELEASE
3.0.6.RELEASE
3.0.7.RELEASE
3.0.8.RELEASE
4.*
4.0.0.RELEASE
4.0.1.RELEASE
4.0.2.RELEASE
4.0.3.RELEASE
4.0.4.RELEASE
4.0.5.RELEASE
4.0.6.RELEASE
4.0.7.RELEASE
4.0.8.RELEASE
4.0.9.RELEASE
4.1.0.RELEASE
4.1.1.RELEASE
4.1.2.RELEASE
4.1.3.RELEASE
4.1.4.RELEASE
4.1.5.RELEASE
4.1.6.RELEASE
4.1.7.RELEASE
4.1.8.RELEASE
4.1.9.RELEASE
4.2.0.RELEASE
4.2.1.RELEASE
4.2.2.RELEASE
4.2.3.RELEASE
4.2.4.RELEASE
4.2.5.RELEASE
4.2.6.RELEASE
4.2.7.RELEASE
4.2.8.RELEASE
4.2.9.RELEASE
4.2.11.RELEASE
4.2.12.RELEASE
4.2.13.RELEASE
4.3.0.RELEASE
4.3.1.RELEASE
4.3.2.RELEASE
4.3.4.RELEASE
4.3.5.RELEASE
4.3.6.RELEASE
4.3.7.RELEASE
4.3.8.RELEASE
4.3.9.RELEASE
4.3.10.RELEASE
4.3.11.RELEASE
4.3.12.RELEASE
4.3.13.RELEASE
4.3.14.RELEASE
4.3.15.RELEASE
4.3.16.RELEASE
4.3.17.RELEASE
4.3.18.RELEASE
Maven / org.springframework.integration:spring-integration-xml
Package
- Name
- org.springframework.integration:spring-integration-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-xml
Maven / org.springframework.integration:spring-integration-xml
Package
- Name
- org.springframework.integration:spring-integration-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-xml
Maven / org.springframework.integration:spring-integration-ws
Package
- Name
- org.springframework.integration:spring-integration-ws
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-ws
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.19
Affected versions
1.*
1.0.1.RELEASE
1.0.2.RELEASE
1.0.2.SR1
1.0.3.RELEASE
1.0.4.RELEASE
2.*
2.0.0.RELEASE
2.0.1.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.0.6.RELEASE
2.1.0.RELEASE
2.1.1.RELEASE
2.1.2.RELEASE
2.1.3.RELEASE
2.1.4.RELEASE
2.1.5.RELEASE
2.1.6.RELEASE
2.2.0.RELEASE
2.2.1.RELEASE
2.2.2.RELEASE
2.2.3.RELEASE
2.2.4.RELEASE
2.2.5.RELEASE
2.2.6.RELEASE
2.2.7.RELEASE
3.*
3.0.0.RELEASE
3.0.1.RELEASE
3.0.2.RELEASE
3.0.3.RELEASE
3.0.4.RELEASE
3.0.5.RELEASE
3.0.6.RELEASE
3.0.7.RELEASE
3.0.8.RELEASE
4.*
4.0.0.RELEASE
4.0.1.RELEASE
4.0.2.RELEASE
4.0.3.RELEASE
4.0.4.RELEASE
4.0.5.RELEASE
4.0.6.RELEASE
4.0.7.RELEASE
4.0.8.RELEASE
4.0.9.RELEASE
4.1.0.RELEASE
4.1.1.RELEASE
4.1.2.RELEASE
4.1.3.RELEASE
4.1.4.RELEASE
4.1.5.RELEASE
4.1.6.RELEASE
4.1.7.RELEASE
4.1.8.RELEASE
4.1.9.RELEASE
4.2.0.RELEASE
4.2.1.RELEASE
4.2.2.RELEASE
4.2.3.RELEASE
4.2.4.RELEASE
4.2.5.RELEASE
4.2.6.RELEASE
4.2.7.RELEASE
4.2.8.RELEASE
4.2.9.RELEASE
4.2.11.RELEASE
4.2.12.RELEASE
4.2.13.RELEASE
4.3.0.RELEASE
4.3.1.RELEASE
4.3.2.RELEASE
4.3.4.RELEASE
4.3.5.RELEASE
4.3.6.RELEASE
4.3.7.RELEASE
4.3.8.RELEASE
4.3.9.RELEASE
4.3.10.RELEASE
4.3.11.RELEASE
4.3.12.RELEASE
4.3.13.RELEASE
4.3.14.RELEASE
4.3.15.RELEASE
4.3.16.RELEASE
4.3.17.RELEASE
4.3.18.RELEASE
Maven / org.springframework.integration:spring-integration-ws
Package
- Name
- org.springframework.integration:spring-integration-ws
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-ws
Maven / org.springframework.integration:spring-integration-ws
Package
- Name
- org.springframework.integration:spring-integration-ws
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.integration/spring-integration-ws