CVE-2019-3772

Summary

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Affected Software

VendorProductVersion RangeStatus
SpringSpring Integration5.0 < v5.0.10.RELEASEaffected
SpringSpring Integration5.1 < v5.1.1.RELEASEaffected
SpringSpring Integration4.3 < v4.3.18.RELEASEaffected

Weaknesses

  • CWE-611: CWE-611: XML External Entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

References