CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1274

HIGH
7.5
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile24.44th
Published2018年4月18日
Last Modified2025年9月12日

Vulnerability Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Affected Platforms (CPE)

📦
Pivotal Software

Spring Data Commons

< 1.13.11
📦
Pivotal Software

Spring Data Commons

>= 2.0.0 and < 2.0.6
📦
Pivotal Software

Spring Data Rest

>= 2.6 and <= 2.6.10
📦
Pivotal Software

Spring Data Rest

>= 3.0 and <= 3.0.5

References & Advisories

🔗 http://www.securityfocus.com/bid/103769
🔗 https://pivotal.io/security/cve-2018-1274
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 http://www.securityfocus.com/bid/103769
🔗 https://pivotal.io/security/cve-2018-1274
🔗 https://www.oracle.com/security-alerts/cpujul2022.html

関連する脆弱性情報

CVE-2018-12739.8

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vu...

CVE-2018-12597.5

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier ver...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...