CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1274

HIGH
7.5
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile24.44th
PublishedApr 18, 2018
Last ModifiedSep 12, 2025

Vulnerability Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Affected Platforms (CPE)

πŸ“¦
Pivotal Software

Spring Data Commons

< 1.13.11
πŸ“¦
Pivotal Software

Spring Data Commons

>= 2.0.0 and < 2.0.6
πŸ“¦
Pivotal Software

Spring Data Rest

>= 2.6 and <= 2.6.10
πŸ“¦
Pivotal Software

Spring Data Rest

>= 3.0 and <= 3.0.5

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103769
πŸ”— https://pivotal.io/security/cve-2018-1274
πŸ”— https://www.oracle.com/security-alerts/cpujul2022.html
πŸ”— http://www.securityfocus.com/bid/103769
πŸ”— https://pivotal.io/security/cve-2018-1274
πŸ”— https://www.oracle.com/security-alerts/cpujul2022.html

Related Vulnerabilities

CVE-2018-12739.8

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vu...

CVE-2018-12597.5

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier ver...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...