CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1273

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.3160%
EPSS Percentile98.41th
Published2018年4月11日
Last Modified2025年10月28日

Vulnerability Description

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Affected Platforms (CPE)

📦
Pivotal Software

Spring Data Commons

<= 1.12.10
📦
Pivotal Software

Spring Data Commons

>= 1.13.0 and <= 1.13.10
📦
Pivotal Software

Spring Data Commons

>= 2.0.0 and <= 2.0.5
📦
Pivotal Software

Spring Data Rest

<= 2.5.10
📦
Pivotal Software

Spring Data Rest

>= 2.6.0 and <= 2.6.10
📦
Pivotal Software

Spring Data Rest

>= 3.0.0 and <= 3.0.5
📦
Apache

Ignite

>= 1.0.1 and <= 2.5.0
📦
Apache

Ignite

= 1.0.0
📦
Apache

Ignite

= 1.0.0
📦
Oracle

Financial Services Crime And Compliance Management Studio

= 8.0.8.2.0
📦
Oracle

Financial Services Crime And Compliance Management Studio

= 8.0.8.3.0

References & Advisories

🔗 http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
🔗 https://pivotal.io/security/cve-2018-1273
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
🔗 https://pivotal.io/security/cve-2018-1273
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273

関連する脆弱性情報

CVE-2018-12747.5

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulner...

CVE-2018-12597.5

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier ver...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...