CVE-2018-1274

Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. Affected versions are 1.13 to 1.13.10 and 2.0 to 2.0.5 (and older unsupported versions). An unauthenticated remote attacker can issue requests against Spring Data REST endpoints or endpoints...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to...

Spring Data Commons Denial of Service Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...

Spring Data Commons Remote Code Execution Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEl expression...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

Design/Logic Flaw

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1273

CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1274

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

Denial Of Service (DoS)

spring-data-commons is vulnerable to denial-of-service DoS attacks. The vulnerability exists due to the lack of sane limits of depths when parsing a PropertyPath value, allowing attackers to cause a DoS attack through CPU and memory consumption by specifying a path with a large amount of depth...

Remote Code Execution (RCE)

spring-data-commons is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the improper sanitization of special elements that can be used as gadgets to achieve remote code execution RCE when evaluated...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

PT-2018-3847 · Spring · Spring Data Commons

Name of the Vulnerable Software and Affected Versions: Spring Data Commons versions prior to 1.13.10 Spring Data Commons versions 2.0 to 2.0.5 Spring Data Commons older unsupported versions Description: The issue is caused by improper neutralization of special elements, leading to a property bind...

spring-data-commons

It is...