CVE-2019-3774
Spring Batch XML External Entity Injection (XXE)
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected products
Spring · Spring BatchWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3Ehttps://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E