Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.ws/spring-ws@3.0.4

Type maven

Namespace org.springframework.ws

Name spring-ws

Version 3.0.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.4.4

Latest_non_vulnerable_version 3.0.6

Affected_by_vulnerabilities

url VCID-guu4-5g8j-puau

vulnerability_id VCID-guu4-5g8j-puau

summary

Improper Restriction of XML External Entity Reference
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-3773
reference_id	CVE-2019-3773
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-3773

reference_url	https://pivotal.io/security/cve-2019-3773
reference_id	CVE-2019-3773
reference_type
scores
url	https://pivotal.io/security/cve-2019-3773

reference_url	https://github.com/advisories/GHSA-8222-6fc8-mhvf
reference_id	GHSA-8222-6fc8-mhvf
reference_type
scores
url	https://github.com/advisories/GHSA-8222-6fc8-mhvf

fixed_packages

url	pkg:maven/org.springframework.ws/spring-ws@3.0.6
purl	pkg:maven/org.springframework.ws/spring-ws@3.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.ws/spring-ws@3.0.6

aliases CVE-2019-3773, GHSA-8222-6fc8-mhvf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-guu4-5g8j-puau

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.ws/spring-ws@3.0.4

Package Instance