Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.netapp.com/advisory/ntap-20231227-0011/
Related Vulnerabilities
CVE-2023-30548 Vulnerability in npm package gatsby-plugin-sharp
CVE-2021-21366 Vulnerability in npm package xmldom
CVE-2019-5786 Vulnerability in maven package org.webjars.npm:electron
CVE-2015-8315 Vulnerability in npm package millisecond
CVE-2023-24426 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad