Low severity · NVD Advisory · Published Jan 18, 2019 · Updated Sep 16, 2024
Spring Integration XML External Entity Injection (XXE)
CVE-2019-3772
Description
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.integration:spring-integration-xml (Maven) | < 4.3.19 | 4.3.19 |
| org.springframework.integration:spring-integration-xml (Maven) | >= 5.0.0, < 5.0.11 | 5.0.11 |
| org.springframework.integration:spring-integration-xml (Maven) | >= 5.1.0, < 5.1.2 | 5.1.2 |
| org.springframework.integration:spring-integration-ws (Maven) | < 4.3.19 | 4.3.19 |
| org.springframework.integration:spring-integration-ws (Maven) | >= 5.0.0, < 5.0.11 | 5.0.11 |
| org.springframework.integration:spring-integration-ws (Maven) | >= 5.1.0, < 5.1.2 | 5.1.2 |
Affected products
- ghsa-coords (2 versions): pkg:maven/org.springframework.integration/spring-integration-ws, pkg:maven/org.springframework.integration/spring-integration-xml; range: < 4.3.19 (+ 1 more)
- (no CPE), range: < 4.3.19
- (no CPE), range: < 4.3.19
- Range: 5.0
References
- github.com/advisories/GHSA-wr5r-m8pc-85j9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-3772 (ghsa, ADVISORY)
- www.securityfocus.com/bid/106749 (ghsa, vdb-entry, x_refsource_BID, WEB)
- github.com/spring-projects/spring-integration/commit/59c69ed40d3755ef59f80872e0ea711adbb13620 (ghsa, WEB)
- pivotal.io/security/cve-2019-3772 (ghsa, x_refsource_CONFIRM, WEB)
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (ghsa, x_refsource_MISC, WEB)