Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPivotal Software Spring Batch
APPPivotal Software4.1.0≤ 3.0.94.0.0 – 4.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
Referencje
Powiązane podatności
CVE-2020-5411HIGH8.1ten sam produkt
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to...
CVE-2018-1273CRITICAL9.8⚠ KEVten sam vendor
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...
CVE-2020-5415CRITICAL10.0ten sam vendor
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnera...
CVE-2019-3793CRITICAL9.8ten sam vendor
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions...
CVE-2019-3773CRITICAL9.8ten sam vendor
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were suscept...