ghsa-8222-6fc8-mhvf
Vulnerability from github
Published
2019-01-25 16:18
Modified
2021-06-15 16:59
Severity
CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Details
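Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE, CWE-611) when receiving XML data from untrusted sources. (The phrase "all three projects" appears in the advisory text as published; this record itself lists only org.springframework.ws:spring-ws and org.springframework.ws:spring-xml.) Per the affected ranges in this record, the fixed versions for both packages are 2.4.4 for releases before 3.0.0 and 3.0.6 for the 3.0.x line; the last known affected 3.0.x version is recorded as 3.0.4.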
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.springframework.ws:spring-ws" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.4.4" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.0.4" }, "package": { "ecosystem": "Maven", "name": "org.springframework.ws:spring-ws" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.ws:spring-xml" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.4.4" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.0.4" }, "package": { "ecosystem": "Maven", "name": "org.springframework.ws:spring-xml" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.6" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-3773" ], "database_specific": { "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:23:54Z", "nvd_published_at": "2019-01-18T22:29:00Z", "severity": "CRITICAL" }, "details": "Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.", "id": "GHSA-8222-6fc8-mhvf", "modified": "2021-06-15T16:59:20Z", "published": "2019-01-25T16:18:52Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3773" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8222-6fc8-mhvf" }, { "type": "WEB", "url": "https://pivotal.io/security/cve-2019-3773" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2021.html" } ], "schema_version": "1.4.0", 
"severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml" }