CVE-2018-1274 org.springframework.data:spring-data-commons

Package

Manager: maven
Name: org.springframework.data:spring-data-commons
Vulnerable Version: >=0 <1.13.11 || >=2.0.0 <2.0.6

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00967 (percentile: 0.75703)

Details

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints, or against endpoints using property path parsing, which can cause a denial of service (CPU and memory consumption).

Metadata

Created: 2018-10-17T17:23:44Z
Modified: 2024-03-04T20:01:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-5q8m-mqmx-pxp9/GHSA-5q8m-mqmx-pxp9.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-5q8m-mqmx-pxp9
Finding: F067
Auto approve: 1