XML External Entity Injection (XXE) Vulnerability in Spring Web Services

XML External Entity Injection (XXE) Vulnerability in Spring Web Services

CVE-2019-3773 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Learn more about our Web App Pen Testing.