Property Path Parser Vulnerability in Spring Data Commons by Pivotal
CVE-2018-1274

7.5 HIGH

Key Information:

Vendor
CVE Published:
18 April 2018

What is CVE-2018-1274?

The property path parser vulnerability in Spring Data Commons allows an unauthenticated remote attacker to exploit endpoints utilizing property path parsing. By sending specially crafted requests, the attacker can trigger excessive CPU and memory consumption, ultimately leading to denial of service. This affects multiple versions of the product including 1.13 to 1.13.10 and 2.0 to 2.0.5, as well as older, unsupported versions. Organizations using Spring Data Commons should implement necessary updates to mitigate this risk.

Affected Version(s)

Spring Framework Versions 1.13 to 1.13.10, 2.0 to 2.0.5

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
