Vulnerability CVE-2018-1274


Published: 2018-04-18

Description:
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints, or endpoints using property path parsing, that cause a denial of service (CPU and memory consumption).

Type: CWE-770

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
Pivotal software -> Spring data commons
Pivotal software -> Spring data rest

References:
http://www.securityfocus.com/bid/103769
https://pivotal.io/security/cve-2018-1274

Copyright 2024, cxsecurity.com
