Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E | Mailing List Third Party Advisory |
https://pivotal.io/security/cve-2018-1273 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E | Mailing List Third Party Advisory |
https://pivotal.io/security/cve-2018-1273 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E - Mailing List, Third Party Advisory | |
References | () https://pivotal.io/security/cve-2018-1273 - Vendor Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
16 Jul 2024, 17:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:ignite:1.0.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* |
|
First Time |
Oracle financial Services Crime And Compliance Management Studio
Oracle |
|
CWE | CWE-74 | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
Information
Published : 2018-04-11 13:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1273
Mitre link : CVE-2018-1273
CVE.ORG link : CVE-2018-1273
JSON object : View
Products Affected
pivotal_software
- spring_data_commons
- spring_data_rest
apache
- ignite
oracle
- financial_services_crime_and_compliance_management_studio