Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
History

Tue, 17 Sep 2024 03:45:00 +0000

Type Values Removed Values Added
Title Spring Web Services XML External Entity Injection (XXE) Spring Web Services XML External Entity Injection (XXE)

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-01-18T22:00:00Z

Updated: 2024-09-17T03:33:35.558Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3773

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-18T22:29:01.020

Modified: 2024-11-21T04:42:30.113

Link: CVE-2019-3773

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-01-14T00:00:00Z

Links: CVE-2019-3773 - Bugzilla