CVE-2019-3773

Description

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.334

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-3773 are fixed in Spring - spring-xml 3.0.6 | Windows
Vulnerabilities CVE-2019-3773 are fixed in Spring-ws 3.0.6 | Windows
Vulnerabilities CVE-2019-3773 are fixed in Spring - spring-xml 2.4.4 | Windows
Vulnerabilities CVE-2019-3773 are fixed in Spring-ws 2.4.4 | Windows
Vulnerabilities CVE-2019-3773 are fixed in Spring - spring-xml for Linux 3.0.6 | Linux
Vulnerabilities CVE-2019-3773 are fixed in Spring-ws for Linux 3.0.6 | Linux
Vulnerabilities CVE-2019-3773 are fixed in Spring - spring-xml for Linux 2.4.4 | Linux
Vulnerabilities CVE-2019-3773 are fixed in Spring-ws for Linux 2.4.4 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234