CVE-2018-1274
HIGH 7.5
Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/18/2018
Last modified: 9/12/2025
Source: nvd
Honeypot observations: 0
Affected products
pivotal_software:spring_data_commons
pivotal_software:spring_data_rest
Weaknesses (CWE)
CWE-770
References
http://www.securityfocus.com/bid/103769 (security_alert@emc.com)
https://pivotal.io/security/cve-2018-1274 (security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html (security_alert@emc.com)
http://www.securityfocus.com/bid/103769 (af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1274 (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.