← Voltar para CVEs
CVE-2018-1259
N/ADescricao
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado5/11/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
pivotal_software:spring_data_commonspivotal_software:spring_data_restxmlbeam:xmlbeam
Fraquezas (CWE)
CWE-611
Referencias
https://access.redhat.com/errata/RHSA-2018:1809(security_alert@emc.com)
https://access.redhat.com/errata/RHSA-2018:3768(security_alert@emc.com)
https://pivotal.io/security/cve-2018-1259(security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html(security_alert@emc.com)
https://access.redhat.com/errata/RHSA-2018:1809(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3768(af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1259(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.