
87 matches found

GithubExploit
added 2019/04/29 3:43 a.m., 5 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

CVE-2018-1273 Spring Data Commons RCE remote command execution vulnerability usage !...

9.8 CVSS, 8.6 AI score, 0.95649 EPSS
Exploits 9

VulnCheck KEV
added 2019/01/08 12:0 a.m., 5 views

VulnCheck KEV: CVE-2018-1273

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

9.8 CVSS, 7.5 AI score, 0.95649 EPSS
Exploits 9, References 1

RedHat Linux
added 2018/12/04 4:0 p.m., 2 views

spring-data-commons: XXE with Spring Data’s XMLBeam integration

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 7.5 AI score, 0.0497 EPSS
Exploits 1, References 4

vulnersOsv
added 2018/10/17 5:23 p.m., 10 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1274 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1274 Source advisory: OSV:GHSA-5Q8M-MQMX-PXP9...

7.5 CVSS, 7.1 AI score, 0.01969 EPSS
Exploits 0

OSV
added 2018/10/17 5:23 p.m., 27 views

GHSA-5Q8M-MQMX-PXP9 Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

7.5 CVSS, 7.4 AI score, 0.01969 EPSS
Exploits 0, References 7

Github Security Blog
added 2018/10/17 5:23 p.m., 64 views

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

7.5 CVSS, 3.9 AI score, 0.01969 EPSS
Exploits 0, References 7, Affected Software 1

vulnersOsv
added 2018/10/17 5:23 p.m., 5 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +677 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.6.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.1.4, =1.4.1, =1.5.1.beta - cn.com.zhaoweiping:Alpha-Framework =2.0.0.RELEASE - cn.gudqs:platform =1.0 and more Source cves: CVE-2018-1259 Source advisor...

7.5 CVSS, 7.1 AI score, 0.0497 EPSS
Exploits 1

vulnersOsv
added 2018/10/17 5:23 p.m., 3 views

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +355 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.11.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =1.0.0-RC1, =1.0.0-RC1, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =6.2.0.5-oss - com.att.ocnp.mgmt:grm-edge-service =1.1.18-oss and more Source cves: CVE-2018-1259...

7.5 CVSS, 7.1 AI score, 0.0497 EPSS
Exploits 1

OSV
added 2018/10/17 5:23 p.m., 24 views

GHSA-M929-7FR6-CVJG Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 7.6 AI score, 0.0497 EPSS
Exploits 1, References 6

Github Security Blog
added 2018/10/17 5:23 p.m., 38 views

Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 3.7 AI score, 0.0497 EPSS
Exploits 1, References 6, Affected Software 1

vulnersOsv
added 2018/10/17 5:23 p.m., 7 views

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...

9.8 CVSS, 7.2 AI score, 0.95649 EPSS
Exploits 9

vulnersOsv
added 2018/10/17 5:23 p.m., 3 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +604 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.0, =1.0, =1.2 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...

9.8 CVSS, 7.2 AI score, 0.95649 EPSS
Exploits 9

OSV
added 2018/10/17 5:23 p.m., 47 views

GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8 CVSS, 9.7 AI score, 0.95649 EPSS
Exploits 9, References 9

Github Security Blog
added 2018/10/17 5:23 p.m., 57 views

Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8 CVSS, 4.2 AI score, 0.95649 EPSS
Exploits 9, References 8, Affected Software 1

GithubExploit
added 2018/10/05 2:42 p.m., 12 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to...

9.8 CVSS, 9.1 AI score, 0.95649 EPSS
Exploits 9

Dsquare
added 2018/07/27 12:0 a.m., 849 views

Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure

XXE file disclosure in Pivotal Spring Data Commons / Spring Data REST Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

5 CVSS, 0.2 AI score, 0.0497 EPSS
Exploits 1

RedHat Linux
added 2018/06/07 8:25 a.m., 4 views

spring-data-commons: XXE with Spring Data’s XMLBeam integration

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 7.5 AI score, 0.0497 EPSS
Exploits 1, References 4

RedhatCVE
added 2018/05/16 3:19 p.m., 36 views

CVE-2018-1259

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 3.8 AI score, 0.0497 EPSS
Exploits 1, References 1

CNVD
added 2018/05/15 12:0 a.m., 2 views

Pivotal Spring Data Commons Arbitrary File Read Vulnerability

Pivotal Spring Data Commons is a project of Pivotal Software, Inc. in the United States to provide data access based on the Spring model. A security vulnerability in Pivotal Spring Data Commons version 1.13 prior to 1.13.12 and version 2.0 prior to 2.0.7 stems from the program's failure to proper...

7.5 CVSS, 7 AI score, 0.0497 EPSS
Exploits 1, References 1

NVD
added 2018/05/11 8:29 p.m., 35 views

CVE-2018-1259

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5 CVSS, 7.6 AI score, 0.0497 EPSS
Exploits 1, References 4