{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "16.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "18.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "4.3.18" }, { "introduced": "5.0.0" }, { "last_affected": "5.0.10" }, { "introduced": "5.1.0" }, { "last_affected": "5.1.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "0c8a0076a97c3f7a8cb5a8e072ed9f0aaebd9964" }, { "introduced": "7072beab20ff99a7c209bedfdb578b0ab45bbac4" }, { "last_affected": "0fd9321ec8f026ab424ac768e9a843934d381c21" }, { "introduced": "3c4529e6cd3feb731f060f4822e9682b9244cfea" }, { "last_affected": "b047b8d9bb0da79765fe862927273aa6ccadb546" } ], "repo": "https://github.com/spring-projects/spring-integration", "type": "GIT" } ] } ], "details": "Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.", "id": "CVE-2019-3772", "modified": "2026-03-13T21:46:50.155667241Z", "published": "2019-01-18T22:29:00.973Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/106749" }, { "type": "ADVISORY", "url": "https://pivotal.io/security/cve-2019-3772" }, { "type": "FIX", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }