CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Pivotal Software: >> Spring Data Commons >> 1.11.1 Security Vulnerabilities

CVE-2018-1273

Known exploited

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

CVSS Score

9.8

EPSS Score

0.942

Published

2018-04-11

Page 1

Vulnerabilities

Vulnerable Software

Pivotal Software: >> Spring Data Commons >> 1.11.1 Security Vulnerabilities

Products

Pricing

Contact Us