← back
CVE-2019-3773

Spring Web Services XML External Entity Injection (XXE)

EPSS 4.1%CWE-611
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected products
Spring · Spring Web Services

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pivotal.io/security/cve-2019-3773https://security.netapp.com/advisory/ntap-20231227-0011/https://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://www.oracle.com//security-alerts/cpujul2021.html