github - ghsa-3wc8-659g-r88q

ghsa-3wc8-659g-r88q

Vulnerability from github

Published

2019-01-25 16:18

Modified

2020-06-16 20:56

Summary

Low severity vulnerability that affects org.springframework.batch:spring-batch-core

Details

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.batch:spring-batch-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.batch:spring-batch-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.batch:spring-batch-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2019-3774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:56:44Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.",
  "id": "GHSA-3wc8-659g-r88q",
  "modified": "2020-06-16T20:56:44Z",
  "published": "2019-01-25T16:18:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3774"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2019-3774"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3wc8-659g-r88q"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Low severity vulnerability that affects org.springframework.batch:spring-batch-core"
}

cve-2019-3774

Vulnerability from cvelistv5

Published

2019-01-18 22:00

Modified

2024-09-16 20:57

Severity ?

Summary

Spring Batch XML External Entity Injection (XXE)

References

▼	URL	Tags
	https://pivotal.io/security/cve-2019-3774	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

▼	Vendor	Product
	Spring	Spring Batch

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-3774"
          },
          {
            "name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
          },
          {
            "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Batch",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.1.RELEASE",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.RELEASE",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.9.RELEASE",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: XML External Entities (XXE)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-29T07:06:03",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2019-3774"
        },
        {
          "name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
        },
        {
          "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring Batch XML External Entity Injection (XXE)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2019-01-15T20:30:17.000Z",
          "ID": "CVE-2019-3774",
          "STATE": "PUBLIC",
          "TITLE": "Spring Batch XML External Entity Injection (XXE)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Batch",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "4.0",
                            "version_value": "4.0.1.RELEASE"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "4.1",
                            "version_value": "4.1.0.RELEASE"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "3.0",
                            "version_value": "3.0.9.RELEASE"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
            }
          ]
        },
        "impact": null,
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611: XML External Entities (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2019-3774",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2019-3774"
            },
            {
              "name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E"
            },
            {
              "name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3774",
    "datePublished": "2019-01-18T22:00:00Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T20:57:23.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted