Vulnerability Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Spring Data Commons | < 1.13.11 |
| Pivotal Software | Spring Data Rest | >= 2.6, <= 2.6.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103769Broken Link
- https://pivotal.io/security/cve-2018-1274Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- http://www.securityfocus.com/bid/103769Broken Link
- https://pivotal.io/security/cve-2018-1274Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
FAQ
What is CVE-2018-1274?
CVE-2018-1274 is a vulnerability with a CVSS score of 7.5 (HIGH). Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated re...
How severe is CVE-2018-1274?
CVE-2018-1274 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1274?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Spring Data Commons, Pivotal Software Spring Data Rest.