Low severity vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml

2019-01-25T16:18:52
ID GHSA-8222-6FC8-MHVF
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:06

Description

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.