Spring Data Commons Security Vulnerabilities and Issues — Spring Data Commons CVE List

BroadcomSpring Data Commons

7 matches found

CVE•added 2018/04/11 1:0 p.m.•1162 views

CVE-2018-1273

CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...

9.8CVSS9.6AI score0.95649EPSS

In wildWeb

CVE•added 2018/05/11 8:0 p.m.•133 views

CVE-2018-1259

CVE-2018-1259 involves Spring Data Commons (versions 1.13 before 1.13.12 and 2.0 before 2.0.7) used with XMLBeam 1.4.14 or earlier. The vulnerability is due to improper restriction of XML external entity references, causing an XMLBeam-based property binder to be vulnerable to an XXE attack. An un...

7.5CVSS7.5AI score0.05289EPSS

CVE•added 2018/04/18 4:0 p.m.•117 views

CVE-2018-1274

Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. Affected versions are 1.13 to 1.13.10 and 2.0 to 2.0.5 (and older unsupported versions). An unauthenticated remote attacker can issue requests against Spring Data REST endpoints or endpoints...

7.5CVSS7.4AI score0.01969EPSS

CVE•added 2026/06/09 11:48 p.m.•41 views

CVE-2026-41721

Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....

5.9CVSS5.5AI score0.00331EPSS

CVE•added 2026/06/09 11:48 p.m.•39 views

CVE-2026-41716

CVE-2026-41716 affects Spring Data Commons (versions 2.7.0–2.7.19; 3.3.0–3.3.16; 3.4.0–3.4.14; 3.5.0–3.5.11; 4.0.0–4.0.5). The issue is in Spring Data’s internal property-lookup cache, which accepts and permanently retains attacker-supplied strings as cache keys, enabling heap exhaustion through ...

7.5CVSS5.5AI score0.00363EPSS

CVE•added 2026/06/09 11:47 p.m.•37 views

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

7.5CVSS5.4AI score0.00363EPSS

CVE•added 2026/06/09 11:48 p.m.•35 views

CVE-2026-41711

Summary: CVE-2026-41711 affects Spring Data Commons and can cause a Denial of Service via a StackOverflowException when parsing Sort parameters. Affected versions include 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.7.0–2.7.19. The provided do...

5.9CVSS5.4AI score0.0028EPSS