CVE-2018-1274
HIGH 7.5
Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/18/2018
Last modified: 9/12/2025
Source: nvd
Honeypot sightings: 0
Affected products
pivotal_software:spring_data_commons
pivotal_software:spring_data_rest
Weaknesses (CWE)
CWE-770
References
http://www.securityfocus.com/bid/103769 (security_alert@emc.com)
https://pivotal.io/security/cve-2018-1274 (security_alert@emc.com)
https://www.oracle.com/security-alerts/cpujul2022.html (security_alert@emc.com)
http://www.securityfocus.com/bid/103769 (af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2018-1274 (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.