Skip to content

Low severity vulnerability that affects org.springframework.batch:spring-batch-core

Low severity GitHub Reviewed Published Jan 25, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

maven org.springframework.batch:spring-batch-core (Maven)

Affected versions

< 3.0.10
>= 4.0.0, < 4.0.2
= 4.1.0

Patched versions

3.0.10
4.0.2
4.1.1

Description

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

Published to the GitHub Advisory Database Jan 25, 2019
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

2.116%
(90th percentile)

Weaknesses

CVE ID

CVE-2019-3774

GHSA ID

GHSA-3wc8-659g-r88q

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.