Pivotal Software Spring Batch: Security Vulnerabilities


By the Year

In 2024 there have been 0 vulnerabilities in Pivotal Software Spring Batch. Spring Batch did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    0                  0.00
2020    1                  8.10
2019    1                  9.80
2018    0                  0.00

It may take a day or so for new Spring Batch vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pivotal Software Spring Batch Security Vulnerabilities

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution

CVE-2020-5411 8.1 - High - June 11, 2020

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled, which means that through the previous exploit, arbitrary code could be executed if all of the following are true:

* Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext.
* A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored).

In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.

Marshaling, Unmarshaling

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data

CVE-2019-3774 9.8 - Critical - January 18, 2019

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

XXE
