CVE-2019-3773

Summary

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Affected Software

VendorProductVersion RangeStatus
SpringSpring Web Services3.0 < v3.0.4.RELEASEaffected
SpringSpring Web Services2.4 < v2.4.3.RELEASEaffected

Weaknesses

  • CWE-611: CWE-611: XML External Entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

References