VYPR

Maven package

org.springframework.batch/spring-batch-core

pkg:maven/org.springframework.batch/spring-batch-core

Vulnerabilities (2)

  • CVE-2020-5411, Jun 11, 2020
    affected >= 4.0.0, < 4.2.3; fixed 4.2.3

    When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing en

  • CVE-2019-3774, Jan 18, 2019
    affected < 3.0.10.RELEASE; fixed 3.0.10.RELEASE

    Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.