Vulnerabilities > Pivotal Software > Spring Batch > 4.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-11 | CVE-2020-5411 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Batch. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. | 8.1 |
2019-01-18 | CVE-2019-3774 | XXE vulnerability in Pivotal Software Spring Batch. Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |