376 matches found
am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...
GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to...
spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
XXE file disclosure in Pivotal Spring Data Commons / Spring Data REST Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
spring-data-commons: XXE with Spring Data’s XMLBeam integration
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
Pivotal Spring Data Commons Arbitrary File Read Vulnerability
Pivotal Spring Data Commons is a project of Pivotal Software, Inc. in the United States to provide data access based on the Spring model. A security vulnerability in Pivotal Spring Data Commons version 1.13 prior to 1.13.12 and version 2.0 prior to 2.0.7 stems from the program's failure to proper...
Xxe
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
CVE-2018-1259
CVE-2018-1259 involves Spring Data Commons (versions 1.13 before 1.13.12 and 2.0 before 2.0.7) used with XMLBeam 1.4.14 or earlier. The vulnerability is due to improper restriction of XML external entity references, causing an XMLBeam-based property binder to be vulnerable to an XXE attack. An un...
CVE-2018-1259
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...
PT-2018-11275
Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 1.13 prior to 1.13.12 Spring Data Commons versions 2.0 prior to 2.0.7 Description The issue is caused by improper restriction of XML external entity references in the underlying library XMLBeam, which does not...
XML External Entity (XXE)
spring-data-commons is vulnerable to XML external entity XXE attacks. The application does not explicitly disable document type declarations by default, allowing a malicious user to pass an XML file that can lead to information disclosure...
CVE-2018-1273: RCE with Spring Data Commons
...
Path traversal
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...