Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2019-3773 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231227-0011/ | |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Not Applicable |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2019-01-18T00:00:00
Updated: 2023-12-27T15:06:23.165663
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3773
JSON object: View
NVD Information
Status : Modified
Published: 2019-01-18T22:29:01.020
Modified: 2023-12-27T15:15:44.890
Link: CVE-2019-3773
JSON object: View
Redhat Information
No data.
CWE