CVE-2019-3773: Improper Restriction of XML External Entity Reference

January 25, 2019 (updated June 15, 2021)

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

github.com/advisories/GHSA-8222-6fc8-mhvf
nvd.nist.gov/vuln/detail/CVE-2019-3773
pivotal.io/security/cve-2019-3773

Detect and mitigate CVE-2019-3773 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →