Search for packages
| purl | pkg:maven/org.springframework.batch/spring-batch-core@4.0.2.RELEASE |
| Next non-vulnerable version | 4.2.2.RELEASE |
| Latest non-vulnerable version | 4.2.2.RELEASE |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-53fw-w4ct-3ya6
Aliases: CVE-2020-5411 GHSA-4ph4-q9r5-6wm6 |
spring-batch-core: Jackson configuration allows code execution with unknown serialization gadgets |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bfyg-zh3w-cubk | Low severity vulnerability that affects org.springframework.batch:spring-batch-core Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. |
CVE-2019-3774
GHSA-3wc8-659g-r88q |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T02:26:07.747361+00:00 | GitLab Importer | Affected by | VCID-53fw-w4ct-3ya6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.batch/spring-batch-core/CVE-2020-5411.yml | 38.6.0 |
| 2026-06-05T21:08:14.879776+00:00 | GHSA Importer | Fixing | VCID-bfyg-zh3w-cubk | https://github.com/advisories/GHSA-3wc8-659g-r88q | 38.6.0 |
| 2026-06-04T17:41:35.460253+00:00 | GithubOSV Importer | Fixing | VCID-bfyg-zh3w-cubk | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3wc8-659g-r88q/GHSA-3wc8-659g-r88q.json | 38.6.0 |
| 2026-06-02T04:38:50.684015+00:00 | GitLab Importer | Fixing | VCID-bfyg-zh3w-cubk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.batch/spring-batch-core/CVE-2019-3774.yml | 38.6.0 |