Spring Integration XML External Entity Injection (XXE)
CVE-2019-3772

9.8CRITICAL

Key Information:

Vendor

Spring

Status
Spring Integration
Vendor
CVE Published:
18 January 2019

What is CVE-2019-3772?

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spring Integration 5.0

Spring Integration 5.1

Spring Integration 4.3

References

https://pivotal.io/security/cve-2019-3772
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpua...
x_refsource_MISC
http://www.securityfocus.com/bid/106749
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.