ghsa-3wc8-659g-r88q
Vulnerability from github
Published
2019-01-25 16:18
Modified
2020-06-16 20:56
Summary
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Details
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.springframework.batch:spring-batch-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.0.10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.batch:spring-batch-core" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.batch:spring-batch-core" }, "ranges": [ { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.1.0" ] } ], "aliases": [ "CVE-2019-3774" ], "database_specific": { "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:56:44Z", "nvd_published_at": null, "severity": "LOW" }, "details": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.", "id": "GHSA-3wc8-659g-r88q", "modified": "2020-06-16T20:56:44Z", "published": "2019-01-25T16:18:56Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3774" }, { "type": "WEB", "url": "https://pivotal.io/security/cve-2019-3774" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3wc8-659g-r88q" } ], "schema_version": "1.4.0", "severity": [], "summary": "Low severity vulnerability that affects org.springframework.batch:spring-batch-core" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.