CVE-2019-3773
N/A
N/A
Summary
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring Web Services | 3.0 < v3.0.4.RELEASE | affected |
| Spring | Spring Web Services | 2.4 < v2.4.3.RELEASE | affected |
Weaknesses
- CWE-611: CWE-611: XML External Entities (XXE)
ADP Enrichment
CVE Program Container
Additional References
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://pivotal.io/security/cve-2019-3773
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://security.netapp.com/advisory/ntap-20231227-0011/
References
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://pivotal.io/security/cve-2019-3773
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://security.netapp.com/advisory/ntap-20231227-0011/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.