Maven package
org.springframework.batch/spring-batch-core
pkg:maven/org.springframework.batch/spring-batch-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-5411 | — | | | >= 4.0.0, < 4.2.3 | 4.2.3 | Jun 11, 2020 | When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing en |
| CVE-2019-3774 | — | | | < 3.0.10.RELEASE | 3.0.10.RELEASE | Jan 18, 2019 | Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. |