Home > Vulnerability Database > CVE-2019-3774

WhiteSource Vulnerability Database

CVE-2019-3774

Good to know:

Date: June 29, 2020

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Language: Java

Severity Score

9.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-3774

Url: https://lists.apache.org/thread.html/r47c7f67a3067ec09262eef0705abc42ea1b646699d9198bcaf8dad02@%3Cissues.servicemix.apache.org%3E

Url: https://lists.apache.org/thread.html/r01292194daa9ed3117b34dabec0c26929f6db13b9613fc144f720d52@%3Cissues.servicemix.apache.org%3E

Url: https://lists.apache.org/thread.html/r5fbb63e405d2211c16524d33f52e3b122109d3bc88d5f74623fb212d@%3Ccommits.servicemix.apache.org%3E

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2019-3774

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version 3.0.10.RELEASE;4.0.2.RELEASE;4.1.1.RELEASE

Learn More

CVSS v3

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2019-3774

Good to know:

Date: June 29, 2020

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?