PT-2019-5717 · Spring · Spring Web Services

Published 2019-01-18 · Updated 2023-12-27 · CVE-2019-3773

CVSS v3.1: 9.8 Critical (the vector below evaluates to 9.8; 10.0 would require a changed scope, S:C)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Spring Web Services versions 2.4.3, 3.0.4, and older unsupported versions

Description: The vulnerability is an improper restriction of XML external entity references. XML received from untrusted sources is parsed with DOCTYPE and external entity resolution enabled, which makes the application susceptible to XML External Entity Injection (XXE). A remote, unauthenticated attacker who can deliver an XML message to the service can use it to affect the confidentiality, integrity, and availability of information (for example, by having the parser read local files, issue requests on the server's behalf, or expand entities until resources are exhausted).

Recommendations: For versions 2.4.3 and 3.0.4, update to a release that contains the fix for this issue. For older unsupported versions, upgrade to a supported release that includes the fix. Until the upgrade is possible, do not accept XML from untrusted sources, or configure the XML parser that handles incoming messages to reject DOCTYPE declarations and to disable resolution of external general and parameter entities and external DTDs.
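The following Java program is an added example and is not code from this advisory or from the Spring Web Services project. It shows the parser behaviour behind this class of bug using the JDK's built-in JAXP parser: a constructed payload whose external entity points at a local file is parsed once with a default DocumentBuilderFactory (the entity is resolved and the file contents end up in the element text) and once with a factory configured the way a fixed parser must be (the DOCTYPE is rejected before any entity can be fetched). The payload, the path /etc/hostname (assumes a Unix host), and the class and method names are assumptions for the illustration; the feature URIs are the standard SAX and Xerces ones understood by the JDK parser.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeDemo {

    // Constructed payload (not from the advisory): the DTD declares an external
    // entity that resolves to a local file, and the body references it.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE data [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n" +
        "<data>&xxe;</data>";

    // Default JAXP configuration: DOCTYPE is accepted and external general
    // entities are resolved, which is the condition that makes XXE possible.
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened configuration. Disallowing DOCTYPE alone stops this payload;
    // the remaining settings cover parsers or code paths where DOCTYPE must
    // still be accepted (assumed hardening pattern, not Spring WS's own code).
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: forbid all external DTD and schema access.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f;
    }

    // Parses the payload with the given factory and returns the root element's text.
    static String parse(DocumentBuilderFactory f) throws Exception {
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new ByteArrayInputStream(PAYLOAD.getBytes(StandardCharsets.UTF_8)));
        return d.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // 1. Vulnerable: the entity is resolved and the file content is returned
        //    to the caller as ordinary element text.
        System.out.println("default:  " + parse(defaultFactory()).trim());

        // 2. Hardened: the parser raises a SAXParseException at the DOCTYPE,
        //    before the external entity is ever opened.
        try {
            parse(hardenedFactory());
            System.out.println("hardened: parsed (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo`. The first line prints the host name read through the entity; the second reports the rejection. If /etc/hostname does not exist on the machine, the default parse fails with an IOException instead, which still shows that the parser attempted to open the attacker-chosen path. In a Spring Web Services deployment the parser is created by the message factory and any unmarshaller used for the payload, so the same restrictions have to be applied wherever that parser is built; upgrading to a fixed release is the supported way to get them.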

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2021-00727
CVE-2019-3773
GHSA-8222-6FC8-MHVF

Affected Products

Spring Web Services