Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://security.netapp.com/advisory/ntap-20231227-0011/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html