Description
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-3772
- https://github.com/spring-projects/spring-integration/commit/59c69ed40d3755ef59f80872e0ea711adbb13620
- https://github.com/advisories/GHSA-wr5r-m8pc-85j9
- https://pivotal.io/security/cve-2019-3772
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.securityfocus.com/bid/106749
Packages
- org.springframework.integration:spring-integration-xml: affected < 4.3.19, fixed in 4.3.19
- org.springframework.integration:spring-integration-xml: affected >= 5.0.0, < 5.0.11, fixed in 5.0.11
- org.springframework.integration:spring-integration-xml: affected >= 5.1.0, < 5.1.2, fixed in 5.1.2
- org.springframework.integration:spring-integration-ws: affected < 4.3.19, fixed in 4.3.19
- org.springframework.integration:spring-integration-ws: affected >= 5.0.0, < 5.0.11, fixed in 5.0.11
- org.springframework.integration:spring-integration-ws: affected >= 5.1.0, < 5.1.2, fixed in 5.1.2
Related vulnerabilities
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
A vulnerability in the Spring Integration enterprise application integration framework, caused by improper restriction of XML external entity references, that allows an attacker to affect the confidentiality, integrity and availability of protected information.