CVE-2019-3774

Summary

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Affected Software

VendorProductVersion RangeStatus
SpringSpring Batch4.0 < 4.0.1.RELEASEaffected
SpringSpring Batch4.1 < 4.1.0.RELEASEaffected
SpringSpring Batch3.0 < 3.0.9.RELEASEaffected

Weaknesses

  • CWE-611: CWE-611: XML External Entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

References