logo

Database

Improper resource allocation In org.springframework.data:spring-data-commons

Description

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-12742. NVD-2018-12743. OSV-2018-12744. GHSA-5q8m-mqmx-pxp95. GCVE-2018-1274

References

1. https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba2. https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee3. https://pivotal.io/security/cve-2018-12744. https://www.oracle.com/security-alerts/cpujul2022.html5. http://www.securityfocus.com/bid/103769

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.