Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html