Search criteria

2 vulnerabilities found for Spring Web Services by Spring

CVE-2019-3773 (GCVE-0-2019-3773)

Vulnerability from cvelistv5 – Published: 2019-01-18 22:00 – Updated: 2024-09-17 03:33
VLAI
Title
Spring Web Services XML External Entity Injection (XXE)
Summary
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Severity
No CVSS data available.
CWE
  • CWE-611 - XML External Entities (XXE)
Assigner
References
Impacted products
Vendor Product Version
Spring Spring Web Services Affected: 3.0 , < v3.0.4.RELEASE (custom)
Affected: 2.4 , < v2.4.3.RELEASE (custom)
Create a notification for this product.
Date Public
2019-01-15 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-3773"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231227-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Web Services",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "v3.0.4.RELEASE",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v2.4.3.RELEASE",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: XML External Entities (XXE)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T15:06:23.165Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://pivotal.io/security/cve-2019-3773"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231227-0011/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring Web Services XML External Entity Injection (XXE)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3773",
    "datePublished": "2019-01-18T22:00:00.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:33:35.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3773 (GCVE-0-2019-3773)

Vulnerability from nvd – Published: 2019-01-18 22:00 – Updated: 2024-09-17 03:33
VLAI
Title
Spring Web Services XML External Entity Injection (XXE)
Summary
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Severity
No CVSS data available.
CWE
  • CWE-611 - XML External Entities (XXE)
Assigner
References
Impacted products
Vendor Product Version
Spring Spring Web Services Affected: 3.0 , < v3.0.4.RELEASE (custom)
Affected: 2.4 , < v2.4.3.RELEASE (custom)
Create a notification for this product.
Date Public
2019-01-15 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-3773"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231227-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Web Services",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "v3.0.4.RELEASE",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v2.4.3.RELEASE",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-01-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: XML External Entities (XXE)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-27T15:06:23.165Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://pivotal.io/security/cve-2019-3773"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231227-0011/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring Web Services XML External Entity Injection (XXE)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3773",
    "datePublished": "2019-01-18T22:00:00.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:33:35.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}