CVE-2019-3773: XML External Entity Injection (XXE)

CRITICAL | JANUARY 14, 2019 | CVE-2019-3773
Description | Affected Spring Products and Versions | Mitigation
References: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
History: 2019-01-14: Initial vulnerability report published.

CVE-2019-3774: XML External Entity Injection (XXE)

CRITICAL | JANUARY 14, 2019 | CVE-2019-3774
Description | Affected Spring Products and Versions | Mitigation
References: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
History: 2019-01-14: Initial vulnerability report published.

CVE-2018-1263: Unsafe Unzip with spring-integration-zip

CRITICAL | MAY 11, 2018 | CVE-2018-1263
Description | Affected Spring Products and Versions | Mitigation
Credit: This issue was identified and responsibly reported by the Snyk Security Research Team and Abago Forgans.
History: 2018-05-11: Initial vulnerability report published.

CVE-2018-1257: ReDoS Attack with spring-messaging

HIGH | MAY 09, 2018 | CVE-2018-1257
Description | Affected Spring Products and Versions | Mitigation
Credit: This issue was identified and responsibly reported by Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.
References Example