Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for Spring Batch by Spring
CVE-2019-3774 (GCVE-0-2019-3774)
Vulnerability from nvd – Published: 2019-01-18 22:00 – Updated: 2024-09-16 20:57
VLAI?
Title
Spring Batch XML External Entity Injection (XXE)
Summary
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Severity ?
No CVSS data available.
CWE
- CWE-611 - XML External Entities (XXE)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Batch |
Affected:
4.0 , < 4.0.1.RELEASE
(custom)
Affected: 4.1 , < 4.1.0.RELEASE (custom) Affected: 3.0 , < 3.0.9.RELEASE (custom) |
Date Public ?
2019-01-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Batch",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.1.RELEASE",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.RELEASE",
"status": "affected",
"version": "4.1",
"versionType": "custom"
},
{
"lessThan": "3.0.9.RELEASE",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: XML External Entities (XXE)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T07:06:03.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Batch XML External Entity Injection (XXE)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-01-15T20:30:17.000Z",
"ID": "CVE-2019-3774",
"STATE": "PUBLIC",
"TITLE": "Spring Batch XML External Entity Injection (XXE)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Batch",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.1.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.1",
"version_value": "4.1.0.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.9.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: XML External Entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3774",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3774",
"datePublished": "2019-01-18T22:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:57:23.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3774 (GCVE-0-2019-3774)
Vulnerability from cvelistv5 – Published: 2019-01-18 22:00 – Updated: 2024-09-16 20:57
VLAI?
Title
Spring Batch XML External Entity Injection (XXE)
Summary
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Severity ?
No CVSS data available.
CWE
- CWE-611 - XML External Entities (XXE)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Batch |
Affected:
4.0 , < 4.0.1.RELEASE
(custom)
Affected: 4.1 , < 4.1.0.RELEASE (custom) Affected: 3.0 , < 3.0.9.RELEASE (custom) |
Date Public ?
2019-01-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Batch",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.0.1.RELEASE",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.RELEASE",
"status": "affected",
"version": "4.1",
"versionType": "custom"
},
{
"lessThan": "3.0.9.RELEASE",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: XML External Entities (XXE)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T07:06:03.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d%40%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961%40%3Cissues.servicemix.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Batch XML External Entity Injection (XXE)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-01-15T20:30:17.000Z",
"ID": "CVE-2019-3774",
"STATE": "PUBLIC",
"TITLE": "Spring Batch XML External Entity Injection (XXE)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Batch",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.1.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.1",
"version_value": "4.1.0.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.9.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: XML External Entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3774",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3774"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Created] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd26a5409af7356b5f69b2fafae3cf621bff8bf155f50e9ccf9ed5f6@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200203 [servicemix-bundles] branch master updated: [SM-4312]Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfea6eebfebb13bc015f258e7fa31d4e24a4202601be3b307da28d530@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Assigned] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree71c6425d2cc0e36b77bda6902965a657c1e09c7229459811d66474@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200203 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200205 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2349237482bcec43632d9d78d7d2804520d9a82f4d8b1fd96bb616b8@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Created] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd4945d66d8bb2fc92396af56a70ede4af983a2c98166f1281338346@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Assigned] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra62a3bf48ab4e0e9aaed970b03d79a73224d68a4275858c707542f6c@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Updated] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200206 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8c7573911082e9968f4835943045ad0952232bb6314becf23dc3de5@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200206 [servicemix-bundles] branch master updated: [SM-4315]Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raae74a9290784e20e86fcd4e2525fa8700aeed6f65f3613b5b04bb11@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb9fe3ae33246d7f11604a1c85c861cb013a1e32248a43a0c22457107@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Reopened] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0153a08177fcfac7584c7b9ea3027f1e8f18f770126f905b9989190e@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96d90e59bb12af5e5c631dcf7d7d80857a52bf3dc44d5b85553e7fc4@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200618 [jira] [Commented] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78645ca0eef44a276e144447fb2087db758b1fb8826d0330b3f0da1a@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4312]add spring-batch-infrastructure-4.0.2.RELEASE(address CVE-2019-3774)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra329bb85da9da93ac6f9b5fc0fc5446a3af0ee2a62c5de484da0af54@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-commits] 20200618 [servicemix-bundles] branch master updated: [SM-4315]add spring-batch-infrastructure-3.0.10.RELEASE(address CVE-2019-3774)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Updated] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r08e7ddc354bdcbf95d88399f18b3d804865034f8bc706095e594b29f@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4315) Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r79991aeb5d0c53c67e400e037c72758a06607752ca2f23b5302dd61f@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[servicemix-issues] 20200629 [jira] [Resolved] (SM-4312) Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf83697efcbcfe1131e31bbc7025cb3ee1db5d9185e9481093b2ef961@%3Cissues.servicemix.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3774",
"datePublished": "2019-01-18T22:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:57:23.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}