CVE-2019-3774

CVE-2019-3774: Spring Batch XML External Entity Injection (XXE)

Vendor Spring
Product Spring Batch
Weakness CWE-611 · XXE
Published January 18, 2019
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Key dates

02Disclosure timeline

January 18, 2019 CVE published
September 16, 2024 Record updated