Skip to content

Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml

Low severity GitHub Reviewed Published Jan 25, 2019 to the GitHub Advisory Database • Updated Mar 4, 2024

Package

maven org.springframework.integration:spring-integration-ws (Maven)

Affected versions

< 4.3.19
>= 5.0.0, < 5.0.11
>= 5.1.0, < 5.1.2

Patched versions

4.3.19
5.0.11
5.1.2
maven org.springframework.integration:spring-integration-xml (Maven)
< 4.3.19
>= 5.0.0, < 5.0.11
>= 5.1.0, < 5.1.2
4.3.19
5.0.11
5.1.2

Description

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

Published to the GitHub Advisory Database Jan 25, 2019
Reviewed Jun 16, 2020
Last updated Mar 4, 2024

Severity

Low

EPSS score

0.554%
(77th percentile)

Weaknesses

CVE ID

CVE-2019-3772

GHSA ID

GHSA-wr5r-m8pc-85j9

Source code

No known source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.