CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Xmlbeam: >> Xmlbeam >> 1.2.0 Security Vulnerabilities

CVE-2018-1259

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.

CVSS Score

7.5

EPSS Score

0.156

Published

2018-05-11

Page 1

Vulnerabilities

Vulnerable Software

Xmlbeam: >> Xmlbeam >> 1.2.0 Security Vulnerabilities

Products

Pricing

Contact Us