Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Remediation
References
https://pivotal.io/security/cve-2019-3773
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://security.netapp.com/advisory/ntap-20231227-0011/