6 matches found
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
CVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
com.makeandbuild:persistence (=1.0.47), com.makeandbuild:propconfig (=1.0.5) +5 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-ws (=2.1.0.RELEASE)
org.springframework.ws:spring-ws MAVEN version =2.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.ws:spring-ws and may be impacted: - com.makeandbuild:persistence =1.0.47 - com.makeandbuild:propconfig =1.0.5 -...
CVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
CVE-2019-3773
CVE-2019-3773 affects Spring Web Services (versions 2.4.3, 3.0.4, and other older, unsupported lines) and is due to XML External Entity (XXE) injection when processing XML from untrusted sources. The issue is rated high/critical (CVSSv3 9.8, network attack, unauthenticated, with high impact to co...
CVE-2019-3773 Spring Web Services XML External Entity Injection (XXE)
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...