6521 matches found
CVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
XXE
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
XXE
Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
CVE-2019-3772
Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
XXE
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
CVE-2019-3774 Spring Batch XML External Entity Injection (XXE)
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
CVE-2019-3772 Spring Integration XML External Entity Injection (XXE)
Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
CVE-2019-3774
CVE-2019-3774 affects Spring Batch versions 3.0.9, 4.0.1, 4.1.0 and older unsupported versions. It is caused by an XML External Entity (XXE) vulnerability when processing XML data from untrusted sources. Public scoring indicates high severity (CVSS v3 base 9.8; v2 base 7.5). No remediation or fix...
CVE-2019-3772
The CVE-2019-3772 entry concerns Spring Integration’s XML handling in the spring-integration-xml and spring-integration-ws modules. Affected versions are 4.3.18, 5.0.10, 5.1.1, and older unsupported releases. The root cause is an XML External Entity (XXE) vulnerability when processing XML data fr...
CVE-2019-3773
CVE-2019-3773 affects Spring Web Services (versions 2.4.3, 3.0.4, and other older, unsupported lines) and is due to XML External Entity (XXE) injection when processing XML from untrusted sources. The issue is rated high/critical (CVSSv3 9.8, network attack, unauthenticated, with high impact to co...
PT-2019-5717 · Spring · Spring Web Services
Name of the Vulnerable Software and Affected Versions: Spring Web Services versions 2.4.3, 3.0.4, and older unsupported versions. Description: The issue is related to incorrect restriction of XML links to external objects, which can lead to XML External Entity Injection (XXE) when receiving XML data...
XML External Entity Injection (XXE)
Spring Integration is vulnerable to XML external entity injection (XXE). The library does not filter malicious XML data input because it fails to disable Document Type Definition (DTD) external entities by default...
XML External Entity Injection (XXE)
spring-ws is vulnerable to XML external entity injection (XXE). Document Type Definition (DTD) external entities are not disabled by default, which allows a remote attacker to perform XXE attacks via malicious XML data input...
XML External Entity Injection (XXE)
Spring Batch Core is vulnerable to XML external entity injection (XXE). The vulnerability exists because it fails to disable Document Type Definition (DTD) external entities by default, allowing an attacker to perform XXE attacks using malicious XML data input...
Remote Code Execution (RCE)
Jackson-databind is vulnerable to remote code execution (RCE) attacks. Attackers can exploit an incomplete fix of CVE-2017-7525 to bypass the blacklist when Spring libraries are available on the class path. In order to be vulnerable to this attack, either the use of @JsonTypeInfo(use =...
VulnCheck KEV: CVE-2018-1273
Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-14721 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-14721 Source advisory: OSV:GHSA-9MXF-G3X6-WV74...