PT-2019-16705 · Spring · Spring Batch
Published 2019-01-18 · Updated 2020-06-29
CVE-2019-3774
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions
Description
The affected versions are susceptible to XML External Entity Injection (XXE) when they parse XML received from untrusted sources: an attacker-controlled document can declare a DTD with external entities, and the XML parser resolves them while reading the input, which can disclose local files, trigger server-side requests to attacker-chosen URLs, or cause denial of service (for example through recursive entity expansion).
Recommendations
For Spring Batch versions 3.0.9, 4.0.1, and 4.1.0, update to a version that includes the fix for this issue.
For older unsupported versions, consider upgrading to a supported version that includes the necessary security patches.
As a temporary workaround, do not feed XML from untrusted sources to the affected readers. If that is not possible, note that validating or sanitizing the XML text is not a reliable control against XXE; the effective mitigation is to configure the XML parser the reader uses so that DTD processing and external entity resolution are disabled before the input is parsed.
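The following is an added illustration, not code from the advisory or from Spring Batch itself. It feeds a constructed XXE payload to the JDK's StAX parser (the javax.xml.stream API that Spring Batch's StaxEventItemReader builds on, which is an assumption about the reader's internals and not something the advisory states) first with the factory's default settings and then with DTD processing and external entity resolution disabled, the hardening described in the workaround. The file path in the payload is a placeholder chosen only to show expansion.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

/**
 * Added example (not Spring Batch code): compare the JDK's default
 * XMLInputFactory with a hardened one on a constructed XXE payload.
 */
public class XxeStaxDemo {

    // Constructed payload. The SYSTEM identifier is an assumed local path
    // used only to demonstrate external entity expansion.
    static final String PAYLOAD =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE items [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n"
        + "<items><item><name>&xxe;</name></item></items>";

    /** Factory as the JDK hands it out: DTDs are processed and external entities resolved. */
    static XMLInputFactory defaultFactory() {
        return XMLInputFactory.newFactory();
    }

    /** Hardened factory: no DTD processing and no external entity resolution. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newFactory();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /**
     * Returns the text of the first <name> element, or a "<rejected: ...>"
     * marker when the parser refuses the document. With the hardened factory
     * the entity is never resolved: the parser either throws or leaves the
     * reference unexpanded, so no file content reaches the caller.
     */
    static String firstName(XMLInputFactory factory, String xml) {
        try {
            XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
            try {
                while (r.hasNext()) {
                    if (r.next() == XMLStreamConstants.START_ELEMENT
                            && "name".equals(r.getLocalName())) {
                        return r.getElementText();
                    }
                }
                return "<no name element>";
            } finally {
                r.close();
            }
        } catch (XMLStreamException e) {
            return "<rejected: " + e.getMessage() + ">";
        }
    }

    public static void main(String[] args) {
        System.out.println("default  : " + firstName(defaultFactory(), PAYLOAD));
        System.out.println("hardened : " + firstName(hardenedFactory(), PAYLOAD));
    }
}
```

Compile and run with `javac XxeStaxDemo.java && java XxeStaxDemo`. With the default factory the `<name>` element carries whatever the referenced file contained, which is the disclosure the advisory describes; with the hardened factory the same document is refused or the entity stays unresolved. The two `setProperty` calls are the part to carry over to whatever `XMLInputFactory` an application supplies to its XML reader.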
Fix
XXE
Weakness Enumeration
Related identifiers
Affected products
Spring Batch