CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1273

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score38.2010%
EPSS Percentile86.88th
Published2018年4月11日
Last Modified2026年6月15日

Vulnerability Description

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Affected Platforms (CPE)

📦
VMware Tanzu

Spring Data Commons

Refer to description

References & Advisories

🔗 http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
🔗 https://pivotal.io/security/cve-2018-1273
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
🔗 https://pivotal.io/security/cve-2018-1273
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273

関連する脆弱性情報

CVE-2018-12747.5

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulner...

CVE-2018-12597.5

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier ver...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...