75 matches found
ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...
GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...
Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to...
Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
XXE file disclosure in Pivotal Spring Data Commons / Spring Data REST Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
spring-data-commons: XXE with Spring Data’s XMLBeam integration
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
Pivotal Spring Data Commons Arbitrary File Read Vulnerability
Pivotal Spring Data Commons is a project of Pivotal Software, Inc. in the United States to provide data access based on the Spring model. A security vulnerability in Pivotal Spring Data Commons version 1.13 prior to 1.13.12 and version 2.0 prior to 2.0.7 stems from the program's failure to proper...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
Xxe
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
CVE-2018-1259 involves Spring Data Commons (versions 1.13 before 1.13.12 and 2.0 before 2.0.7) used with XMLBeam 1.4.14 or earlier. The vulnerability is due to improper restriction of XML external entity references, causing an XMLBeam-based property binder to be vulnerable to an XXE attack. An un...
XML External Entity (XXE)
spring-data-commons is vulnerable to XML external entity XXE attacks. The application does not explicitly disable document type declarations by default, allowing a malicious user to pass an XML file that can lead to information disclosure...
CVE-2018-1273: RCE with Spring Data Commons
...
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
Path traversal
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...