CVE-2018-1274

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

Denial Of Service (DoS)

spring-data-commons is vulnerable to denial-of-service DoS attacks. The vulnerability exists due to the lack of sane limits of depths when parsing a PropertyPath value, allowing attackers to cause a DoS attack through CPU and memory consumption by specifying a path with a large amount of depth...

Remote Code Execution (RCE)

spring-data-commons is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the improper sanitization of special elements that can be used as gadgets to achieve remote code execution RCE when evaluated...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

PT-2018-3847

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions prior to 1.13.10 Spring Data Commons versions 2.0 to 2.0.5 Spring Data Commons older unsupported versions Description The issue is caused by improper neutralization of special elements, leading to a property binder...

spring-data-commons

It is...