6 matches found
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
cloud.altemista.fwk.batch:cloud-altemistafwk-core-batch-spring (>=3.0.0.RELEASE <=3.0.1.RELEASE), cloud.altemista.fwk.batch:cloud-altemistafwk-core-batch-spring-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +46 more potentially affected by CVE-2019-3774 via org.springframework.batch:spring-batch-core (>=4.0.0.RELEASE <=4.0.1.RELEASE)
org.springframework.batch:spring-batch-core MAVEN version =4.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.1, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.1.RELEASE and more Source cves: CVE-2019-3774 Source advisory: OSV:G...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), com.bazoud.metrics:metrics-spring-batch (=1.0) +135 more potentially affected by CVE-2019-3774 via org.springframework.batch:spring-batch-core (>=1.0.0.FINAL <=3.0.0.RELEASE)
org.springframework.batch:spring-batch-core MAVEN version =1.0.0.FINAL, =0.3.3, =0.0.4, =0.2.4, =0.1.0, =1.0.2, =1.0.2, =1.3, =0.3.1, =0.2.0, =0.2.3 and more Source cves: CVE-2019-3774 Source advisory: OSV:GHSA-3WC8-659G-R88Q...
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...
CVE-2019-3774
CVE-2019-3774 affects Spring Batch versions 3.0.9, 4.0.1, 4.1.0 and older unsupported versions. It is caused by an XML External Entity (XXE) vulnerability when processing XML data from untrusted sources. Public scoring indicates high severity (CVSS v3 base 9.8; v2 base 7.5). No remediation or fix...
CVE-2019-3774 Spring Batch XML External Entity Injection (XXE)
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...