CVE-2019-3773

Spring Web Services XML External Entity Injection (XXE)

EPSS 4.1%CWE-611

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Produtos afetados

Spring · Spring Web Services

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://pivotal.io/security/cve-2019-3773 https://security.netapp.com/advisory/ntap-20231227-0011/https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com//security-alerts/cpujul2021.html