CRITICAL🇵🇱 Wersja polska

CVE-2019-3774

CVSS 9.8v3.0pub. 2019-01-18upd. 2024-11-21

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Spring Batch

    APP
    Pivotal Software
    4.1.0≤ 3.0.94.0.0 – 4.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2020-5411HIGH8.1ten sam produkt

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to...

CVE-2018-1273CRITICAL9.8⚠ KEVten sam vendor

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2020-5415CRITICAL10.0ten sam vendor

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnera...

CVE-2019-3793CRITICAL9.8ten sam vendor

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions...

CVE-2019-3773CRITICAL9.8ten sam vendor

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were suscept...