CVE-2019-3774: Improper Restriction of XML External Entity Reference

January 25, 2019 (updated January 8, 2021)

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

References

github.com/advisories/GHSA-3wc8-659g-r88q
nvd.nist.gov/vuln/detail/CVE-2019-3774
pivotal.io/security/cve-2019-3774

Detect and mitigate CVE-2019-3774 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →