CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

376 matches found

RedhatCVE•added 2018/03/08 4:49 a.m.•34 views

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

10CVSS4.4AI score0.72782EPSS

Exploits6References1

seebug.org•added 2018/03/07 12:0 a.m.•101 views

Spring data rest 远程代码执行(cve-2017-8046)

漏洞描述漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器，使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制，编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本： Spring...

7.5CVSS0.1AI score0.72782EPSS

Exploits6

Prion•added 2018/01/04 6:29 a.m.•20 views

Code injection

7.5CVSS9.3AI score0.72782EPSS

Exploits6References4Affected Software2

OSV•added 2018/01/04 6:29 a.m.•19 views

CVE-2017-8046

9.8CVSS9.6AI score0.72782EPSS

Exploits6References4

NVD•added 2018/01/04 6:29 a.m.•22 views

CVE-2017-8046

9.8CVSS9.4AI score0.72782EPSS

Exploits6References4

Cvelist•added 2018/01/04 6:0 a.m.•24 views

CVE-2017-8046

9.5AI score0.72782EPSS

Exploits6References4

CVE•added 2018/01/04 6:0 a.m.•243 views

CVE-2017-8046

CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...

9.8CVSS9.2AI score0.72782EPSS

In wildExploits6References4Affected Software1

ATTACKERKB•added 2018/01/04 12:0 a.m.•82 views

CVE-2017-8046

9.8CVSS5AI score0.72782EPSS

In wildExploits6References5

seebug.org•added 2016/11/11 12:0 a.m.•110 views

Spring Data JPA Blind SQL Injection Vulnerability

PoC for blind SQL injection bug found in Solita Webhack 2016. Founders: Niklas Särökaari, Joona Immonen Analysis: Arto Santala, Niklas Särökaari, Joona Immonen, Antti Virtanen, Michael Holopainen PoC: Antti Ahola, Antti Virtanen CVE: https://pivotal.io/security/cve-2016-6652 This has been fixed i...

6.8CVSS7.2AI score0.00822EPSS

Exploits1

CNVD•added 2016/10/13 12:0 a.m.•3 views

Pivotal Spring Data JPA SQL Injection Vulnerability

Pivotal is a new company formed by EMC and VMware. A SQL injection vulnerability exists in Pivotal Spring Data JPA due to the program's inability to adequately clean user input data. An attacker could exploit the vulnerability to access and modify data...

6.8CVSS7.9AI score0.00822EPSS

Exploits1References1

NVD•added 2016/10/05 4:59 p.m.•20 views

CVE-2016-6652

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 Gosling SR6 and 1.10.x before 1.10.4 Hopper SR4, when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call...

6.8CVSS6.3AI score0.00822EPSS

Exploits1References5

OSV•added 2016/10/05 4:59 p.m.•11 views

CVE-2016-6652

5.6CVSS6.2AI score0.00822EPSS

Exploits1References5

Prion•added 2016/10/05 4:59 p.m.•20 views

Sql injection

6.8CVSS8.7AI score0.00822EPSS

Exploits1References5Affected Software1

Cvelist•added 2016/10/05 4:0 p.m.•24 views

CVE-2016-6652

6.5AI score0.00822EPSS

Exploits1References5

CVE•added 2016/10/05 4:0 p.m.•81 views

CVE-2016-6652

The CVE-2016-6652 vulnerability affects Spring Data JPA prior to 1.9.6 (Gosling SR6) and 1.10.x prior to 1.10.4 (Hopper SR4). When using a repository method that defines a String query with @Query, an attacker can execute arbitrary JPQL commands through a sort parameter (via QueryUtils.applySorti...

6.8CVSS6.4AI score0.00822EPSS

Exploits1References5Affected Software1