GHSA-4cj8-779h-r25h

Source
https://github.com/advisories/GHSA-4cj8-779h-r25h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4cj8-779h-r25h/GHSA-4cj8-779h-r25h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4cj8-779h-r25h
Aliases
  • CVE-2018-1229
Published
2022-05-13T01:33:25Z
Modified
2024-02-16T08:13:10.204809Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting in Pivotal Spring Batch Admin
Details

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

Database specific
{
    "nvd_published_at": "2018-03-21T20:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-05T22:29:27Z"
}
References

Affected packages

Maven / org.springframework.batch:spring-batch-admin-manager

Package

Name
org.springframework.batch:spring-batch-admin-manager
Purl
pkg:maven/org.springframework.batch/spring-batch-admin-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.0.0.M1

Affected versions

1.*

1.0.0.RELEASE
1.2.0.RELEASE
1.2.1.RELEASE
1.2.2.RELEASE
1.3.0.RELEASE
1.3.1.RELEASE