Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-1274

Good to know:

icon
icon

Date: April 18, 2018

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Language: Java

Severity Score

Related Resources (11)

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9
https://pivotal.io/security/cve-2018-1274
https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba
https://www.oracle.com/security-alerts/cpujul2022.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1274
http://www.securityfocus.com/bid/103769
https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee
https://www.mend.io/resources/blog/top-security-open-source-vulnerabilities
https://www.mend.io/resources/blog/top-5-new-open-source-vulnerabilities-in-april-2018
https://www.mend.io/resources/blog/top-10-open-source-vulnerabilities-of-2018
https://www.mend.io/vulnerability-database/CVE-2018-1274

Severity Score

Weakness Type (CWE)

Resource Management Errors

CWE-399

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

icon

Upgrade Version

Upgrade to version 1.13.11.RELEASE,2.0.6.RELEASE

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us