Skip to main content

Spring Batch

2 CVEs product

Monthly

CVE-2020-5411 Maven HIGH PATCH This Week

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Deserialization Spring Batch
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2019-3774 Maven CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD
CVSS 3.0
9.8
EPSS
3.0%
EPSS 2% CVSS 8.1
HIGH PATCH This Week

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy