XML External Entity Injection (XXE) Vulnerability in Spring Integration

CVE-2019-3772 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Learn more about our External Network Penetration Testing.