3 matches found
CVE-2018-1274
Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. Affected versions are 1.13 to 1.13.10 and 2.0 to 2.0.5 (and older unsupported versions). An unauthenticated remote attacker can issue requests against Spring Data REST endpoints or endpoints...
CVE-2026-41721
Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....
CVE-2026-41711
Summary: CVE-2026-41711 affects Spring Data Commons and can cause a Denial of Service via a StackOverflowException when parsing Sort parameters. Affected versions include 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.7.0–2.7.19. The provided do...