Note: This list may be incomplete. Data is provided without warranty in its original format.
8.1
CVE-2020-5411
- EPSS 0.81%
- Published 11.06.2020 17:15:12
- Last modified 21.11.2024 05:34:07
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson...
9.8
CVE-2019-3774
- EPSS 2.11%
- Published 18.01.2019 22:29:01
- Last modified 21.11.2024 04:42:30
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.