CVE-2018-1274
CVE-2018-1274 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). EPSS estimates a 1.97% chance of exploitation in the next 30 days.
Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Spring Data Commons | < 1.13.11 |
| Broadcom | Spring Data Commons | >= 2.0.0, < 2.0.6 |
| Pivotal Software | Spring Data Rest | >= 3.0, <= 3.0.5 |
| VMware | Spring Data Rest | >= 2.6, <= 2.6.10 |
References
- http://www.securityfocus.com/bid/103769 (Broken Link)
- https://pivotal.io/security/cve-2018-1274 (Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
