GHSA-wr5r-m8pc-85j9
GitHub Security Advisory
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
✓ GitHub Reviewed
LOW
Has CVE
Advisory Details
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected Packages
Maven: org.springframework.integration:spring-integration-xml, affected versions: 0 (fixed in 4.3.19)
Maven: org.springframework.integration:spring-integration-xml, affected versions: 5.0.0 (fixed in 5.0.11)
Maven: org.springframework.integration:spring-integration-xml, affected versions: 5.1.0 (fixed in 5.1.2)
Maven: org.springframework.integration:spring-integration-ws, affected versions: 0 (fixed in 4.3.19)
Maven: org.springframework.integration:spring-integration-ws, affected versions: 5.0.0 (fixed in 5.0.11)
Maven: org.springframework.integration:spring-integration-ws, affected versions: 5.1.0 (fixed in 5.1.2)
Related CVEs
Key Information
2.5/10
Dataset
Last updated: September 18, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.