Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-611" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:56:44Z" }