CVE-2017-8046 – org.springframework.boot:spring-boot-starter-data-rest

Package

Manager: maven
Name: org.springframework.boot:spring-boot-starter-data-rest
Vulnerable Version: >=0 <1.5.9.release

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Affected versions of this package are vulnerable to Arbitrary Code Execution. It is caused due to the way Spring uses it's own expression language in the Data REST component.

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-94"]
Alternative ID: N/A
Finding: F184
Auto approve: 1