Pivotal Software Spring Batch
By the Year
In 2024 there have been 0 vulnerabilities in Pivotal Software Spring Batch. Spring Batch did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.10 |
| 2019 | 1 | 9.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Spring Batch vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Pivotal Software Spring Batch Security Vulnerabilities
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution
CVE-2020-5411 | 8.1 - High | June 11, 2020
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled, which means that, through the previous exploit, arbitrary code could be executed if all of the following are true:
* Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext.
* A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored).
In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should proactively block unknown "deserialization gadgets" when enabling default typing.
Marshaling, Unmarshaling
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data
CVE-2019-3774 | 9.8 - Critical | January 18, 2019
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
XXE