EPSS
Percentile
78.7%
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
bugzilla.redhat.com/show_bug.cgi?id=1670593
nvd.nist.gov/vuln/detail/CVE-2019-3773
pivotal.io/security/cve-2019-3773
www.cve.org/CVERecord?id=CVE-2019-3773