Spring Data Commons Security Vulnerabilities and Issues — Spring Data Commons CVE List

Lucene search

Pivotal SoftwareSpring Data Commons

3 matches found

CVE•added 2018/04/11 1:29 p.m.•1090 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters...

9.8CVSS9.6AI score0.94208EPSS

CVE•added 2018/05/11 8:29 p.m.•102 views

CVE-2018-1259

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external...

7.5CVSS7.5AI score0.15584EPSS

CVE•added 2018/04/18 4:29 p.m.•98 views

CVE-2018-1274

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoint...

7.5CVSS7.4AI score0.00972EPSS