CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1274

HIGH
7.5
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile24.44th
Published2018年4月18日
Last Modified2025年9月12日

Vulnerability Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Affected Platforms (CPE)

📦
Pivotal Software

Spring Data Commons

< 1.13.11
📦
Pivotal Software

Spring Data Commons

>= 2.0.0 and < 2.0.6
📦
Pivotal Software

Spring Data Rest

>= 2.6 and <= 2.6.10
📦
Pivotal Software

Spring Data Rest

>= 3.0 and <= 3.0.5

References & Advisories

🔗 http://www.securityfocus.com/bid/103769
🔗 https://pivotal.io/security/cve-2018-1274
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 http://www.securityfocus.com/bid/103769
🔗 https://pivotal.io/security/cve-2018-1274
🔗 https://www.oracle.com/security-alerts/cpujul2022.html

相關漏洞威脅

CVE-2018-12739.8

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vu...

CVE-2018-12597.5

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier ver...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...