VYPR
Low severity · NVD Advisory · Published Jan 18, 2019 · Updated Sep 16, 2024

Spring Batch XML External Entity Injection (XXE)

CVE-2019-3774

Description

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.batch:spring-batch-core (Maven) | < 3.0.10.RELEASE | 3.0.10.RELEASE |
| org.springframework.batch:spring-batch-core (Maven) | >= 4.0.0.RELEASE, < 4.0.2.RELEASE | 4.0.2.RELEASE |
| org.springframework.batch:spring-batch-core (Maven) | >= 4.1.0.RELEASE, < 4.1.1.RELEASE | 4.1.1.RELEASE |
