Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3YzgtNjU5Zy1yODhx
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Permalink: https://github.com/advisories/GHSA-3wc8-659g-r88qJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3YzgtNjU5Zy1yODhx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-3wc8-659g-r88q, CVE-2019-3774
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-3774
- https://github.com/advisories/GHSA-3wc8-659g-r88q
- https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E
- https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E
- https://pivotal.io/security/cve-2019-3774
Affected Packages
maven:org.springframework.batch:spring-batch-core
Dependent packages: 225Dependent repositories: 6,040
Downloads:
Affected Version Ranges: = 4.1.0, >= 4.0.0, < 4.0.2, < 3.0.10
Fixed in: 4.1.1, 4.0.2, 3.0.10
All affected versions:
All unaffected versions: 4.3.0, 4.3.1, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1