CVE-2018-1274
HIGH 7.5
Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 4/18/2018
Last Modified: 9/12/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
pivotal_software:spring_data_commons
pivotal_software:spring_data_rest
Weaknesses (CWE)
CWE-770
References
http://www.securityfocus.com/bid/103769 (security_alert@emc.com)
https://pivotal.io/security/cve-2018-1274 (security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html (security_alert@emc.com)
http://www.securityfocus.com/bid/103769 (af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1274 (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.