PT-2019-16705 · Spring · Spring Batch
Published 2019-01-18 · Updated 2020-06-29 · CVE-2019-3774
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions
Description
The affected versions are vulnerable to XML External Entity Injection (XXE), which occurs when the application receives and parses XML data from untrusted sources.
Recommendations
For Spring Batch versions 3.0.9, 4.0.1, and 4.1.0, update to a version that includes the fix for this issue.
For older unsupported versions, consider upgrading to a supported version that includes the necessary security patches.
As a temporary workaround, validate and sanitize all XML data received from untrusted sources before it is parsed, to reduce the risk of exploitation.
Fix
XXE
Affected Products: Spring Batch