Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html