CVE-2018-1273

🗓️ 11 Apr 2018 13:00:00Reported by dellType

cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 1162 Views🌐 WEB

Spring Data Commons, ver < 1.13 - 1.13.10, 2.0 - 2.0.5, property binder vulnerability, remote code execution

Reporter	Title	Published	Views	Family All 38
Gitee	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	11 Apr 202111:34	–	gitee
Gitee	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	15 Sep 202123:52	–	gitee
GithubExploit	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	17 Apr 201813:41	–	githubexploit
GithubExploit	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	6 Dec 202510:58	–	githubexploit
GithubExploit	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	29 Apr 201903:43	–	githubexploit
GithubExploit	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	9 Apr 202612:22	–	githubexploit
GithubExploit	Exploit for Code Injection in Pivotal_Software Spring_Data_Commons	5 Oct 201814:42	–	githubexploit
ATTACKERKB	CVE-2018-1273	11 Apr 201800:00	–	attackerkb
BDU FSTEC	The vulnerability of the SimpleEvaluationContext class in the Spring Data Commons data management platform and the Spring Data REST framework for creating web services allows a attacker to execute arbitrary code.	14 Nov 202200:00	–	bdu_fstec
Broadcom	CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,	29 Aug 202300:00	–	broadcom

NVD

Vulners

Node

broadcom spring_data_commonsRange≤1.12.10

broadcom spring_data_commonsRange1.13.0–1.13.10

broadcom spring_data_commonsRange2.0.0–2.0.5

Node

pivotal_software spring_data_restRange≤2.5.10

pivotal_software spring_data_restRange2.6.0–2.6.10

pivotal_software spring_data_restRange3.0.0–3.0.5

Node

apache igniteRange1.0.1–2.5.0

apache igniteMatch1.0.0-

apache igniteMatch1.0.0rc3

Node

oracle financial_services_crime_and_compliance_management_studioMatch8.0.8.2.0

oracle financial_services_crime_and_compliance_management_studioMatch8.0.8.3.0

[
  {
    "product": "Spring Framework",
    "vendor": "Spring by Pivotal",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujul2022.html
pivotal	www.pivotal.io/security/cve-2018-1273
mail-archives	www.mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('calc.exe')]=123	request body	/account	Remote code execution via unsafe parameter binding in Spring Data Commons vulnerability (CVE-2018-1273).	CWE-94

17 Jun 2026 01:50Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 3.19.8

EPSS0.95649

SSVC