CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1259

HIGH
7.5
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile28.15th
Published2018年5月11日
Last Modified2026年6月15日

Vulnerability Description

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:1809
🔗 https://access.redhat.com/errata/RHSA-2018:3768
🔗 https://pivotal.io/security/cve-2018-1259
🔗 https://www.oracle.com/security-alerts/cpujul2022.html
🔗 https://access.redhat.com/errata/RHSA-2018:1809
🔗 https://access.redhat.com/errata/RHSA-2018:3768
🔗 https://pivotal.io/security/cve-2018-1259
🔗 https://www.oracle.com/security-alerts/cpujul2022.html

相關漏洞威脅

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...