Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

EUVD-2018-0511

Malware in sbrugna...

CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

K27053426: Spring data XML vulnerability CVE-2018-1259

Security Advisory Description Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library...

Spring Data Commons < 1.13.11 / 2.x < 2.0.6 RCE

The version of Spring Data Commons installed on the remote host is affected by a remote code execution vulnerability. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of...

VMware Tanzu Spring Data Commons Property Binder Vulnerability

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Based on the provided code and metadata, here is a description of the repository and its contents: Repository: This repository appears to be a Maven wrapper for the Apache Maven project, specifically version 3.5.3. The repository contains metadata and configuration files for the Maven wrapper,...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Zhengjim - 漏洞复现 搭漏洞环境是一个繁琐的事情，这里记录下自己学习搭各种环境的记录。部分利用Vulhub一个面向大众的开源漏洞靶场，来搭建漏洞环境，比较方便。（主要懒！） 漏洞 1. S2-057命令执行漏洞 2. ghostscript命令执行漏洞 3. weblogic反序列化漏洞CVE-2018-2628 4. Elasticsearch-Kibana本地包含漏洞CVE-2018-17246 5. ThinkPHP5.x版本命令执行漏洞 6. WordPressRESTAPI内容注入漏洞 7. Git漏洞允许任意代码执行CVE-2018-17456 8. Apache...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

CVE-2018-1273 Spring Data Commons RCE 远程命令执行漏洞 usage !...

VulnCheck KEV: CVE-2018-1273

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

spring-data-commons: XXE with Spring Data’s XMLBeam integration

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

am.ik.home:uaa-client (>=1.0.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.0.0 <=1.8.1) +1130 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=1.10.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.10.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1, =1, =1, =1, =1, =1, =0.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

GHSA-5Q8M-MQMX-PXP9 Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +677 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.6.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.1.4, =1.4.1, =1.5.1.beta - cn.com.zhaoweiping:Alpha-Framework =2.0.0.RELEASE - cn.gudqs:platform =1.0 and more Source cves: CVE-2018-1259 Source advisor...

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +355 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.11.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =1.0.0-RC1, =1.0.0-RC1, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =6.2.0.5-oss - com.att.ocnp.mgmt:grm-edge-service =1.1.18-oss and more Source cves: CVE-2018-1259...

Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...