Home

CVE-2019-3774

Description

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.036

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core 3.0.10Windows
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core 4.0.2Windows
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core 4.1.1Windows
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core for Linux 3.0.10Linux
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core for Linux 4.0.2Linux
Vulnerabilities CVE-2019-3774 are fixed in spring-batch-core for Linux 4.1.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234