← Volver a CVEs
CVE-2018-1274
HIGH7.5
Descripcion
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/18/2018
Ultima modificacion9/12/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
pivotal_software:spring_data_commonspivotal_software:spring_data_rest
Debilidades (CWE)
CWE-770
Referencias
http://www.securityfocus.com/bid/103769(security_alert@emc.com)
https://pivotal.io/security/cve-2018-1274(security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html(security_alert@emc.com)
http://www.securityfocus.com/bid/103769(af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1274(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.