CVE-2018-1229: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2022 (updated January 5, 2024)

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life.

References

www.securityfocus.com/bid/103462
github.com/advisories/GHSA-4cj8-779h-r25h
nvd.nist.gov/vuln/detail/CVE-2018-1229
pivotal.io/security/cve-2018-1229

Code Behaviors & Features

Detect and mitigate CVE-2018-1229 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →