1. Home
  2. Vulnerabilities
  3. CVE-2019-3774

CVE-2019-3774

CVSS v3.0 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 2.12 % (89th)
2.12% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
Dell
Published Date
2019-01-18 22:29:01
(5 years ago)
Updated Date
2023-11-07 03:10:11
(10 months ago)

Affected Products

Pivotal Software

Configuration #1

    CPE23 From Up To
  Pivotal Software Spring Batch 3.0.9 and prior versions cpe:2.3:a:pivotal_software:spring_batch <= 3.0.9
  Pivotal Software Spring Batch from 4.0.0 version and 4.0.1 and prior versions cpe:2.3:a:pivotal_software:spring_batch >= 4.0.0 <= 4.0.1
  Pivotal Software Spring Batch 4.1.0 cpe:2.3:a:pivotal_software:spring_batch:4.1.0