← Zuruck zu CVEs
CVE-2018-1274
HIGH7.5
Beschreibung
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/18/2018
Zuletzt geandert9/12/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
pivotal_software:spring_data_commonspivotal_software:spring_data_rest
Schwachen (CWE)
CWE-770
Referenzen
http://www.securityfocus.com/bid/103769(security_alert@emc.com)
https://pivotal.io/security/cve-2018-1274(security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html(security_alert@emc.com)
http://www.securityfocus.com/bid/103769(af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1274(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.