CVE-2019-3772

CVE-2019-3772: Spring Integration XML External Entity Injection (XXE)

Vendor Spring
Product Spring Integration
Weakness CWE-611 · XXE
Published January 18, 2019
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Key dates

02Disclosure timeline

January 18, 2019 CVE published
September 16, 2024 Record updated