Description
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | spring-batch-core | Out of support scope | | |
| Red Hat Fuse 7.8.0 | spring-batch-core | Fixed | RHSA-2020:5568 | 16.12.2020 |
Additional information
Status:
Moderate
Defect:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1670597 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 9.8
nvd
about 7 years ago
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
github
about 7 years ago
Low severity vulnerability that affects org.springframework.batch:spring-batch-core