Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E | Mailing List Third Party Advisory |
https://pivotal.io/security/cve-2018-1273 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Jul 2024, 17:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:ignite:1.0.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* |
|
First Time |
Oracle financial Services Crime And Compliance Management Studio
Oracle |
|
CWE | CWE-74 | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
Information
Published : 2018-04-11 13:29
Updated : 2024-07-16 17:53
NVD link : CVE-2018-1273
Mitre link : CVE-2018-1273
CVE.ORG link : CVE-2018-1273
JSON object : View
Products Affected
pivotal_software
- spring_data_commons
- spring_data_rest
oracle
- financial_services_crime_and_compliance_management_studio
apache
- ignite