CVE-2018-1273

Source
https://cve.org/CVERecord?id=CVE-2018-1273
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1273
Aliases
Published
2018-04-11T13:29:00.290Z
Modified
2026-07-08T05:50:57.155880589Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "3.0.0"
                },
                {
                    "last_affected": "3.0.5"
                }
            ],
            "vendor_product": "pivotal_software:spring_data_rest",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "8.0.8.2.0"
                },
                {
                    "last_affected": "8.0.8.2.0"
                },
                {
                    "introduced": "8.0.8.3.0"
                },
                {
                    "last_affected": "8.0.8.3.0"
                }
            ],
            "vendor_product": "oracle:financial_services_crime_and_compliance_management_studio",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git
github.com/apache/ignite

Affected ranges

Type
GIT
Repo
https://github.com/apache/ignite
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ignite:1.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ignite:1.0.0:rc3:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.0.1"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "1.0.0-NA"
        },
        {
            "last_affected": "1.0.0-NA"
        },
        {
            "introduced": "1.0.0-rc3"
        },
        {
            "last_affected": "1.0.0-rc3"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

1.*
1.0.0-NA
1.0.0-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json"
github.com/spring-projects/spring-data-commons

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-data-commons
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Introduced
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.10"
        },
        {
            "introduced": "1.13.0"
        },
        {
            "last_affected": "1.13.10"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.5"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.0.M1
1.0.0.M2
1.0.0.M3
1.0.0.M4
1.0.0.M5
1.0.0.M6
1.0.0.RC1
1.0.0.RELEASE
1.1.0.M1
1.1.0.M2
1.1.0.RC1
1.1.0.RELEASE
1.10.0.M1
1.10.0.RC1
1.10.0.RELEASE
1.11.0.M1
1.11.0.RC1
1.11.0.RELEASE
1.12.0.M1
1.12.0.RC1
1.12.0.RELEASE
1.12.1.RELEASE
1.12.10.RELEASE
1.12.2.RELEASE
1.12.3.RELEASE
1.12.4.RELEASE
1.12.5.RELEASE
1.12.6.RELEASE
1.12.7.RELEASE
1.12.8.RELEASE
1.12.9.RELEASE
1.13.0.RELEASE
1.13.1.RELEASE
1.13.10.RELEASE
1.13.2.RELEASE
1.13.3.RELEASE
1.13.4.RELEASE
1.13.5.RELEASE
1.13.6.RELEASE
1.13.7.RELEASE
1.13.8.RELEASE
1.13.9.RELEASE
1.2.0.M1
1.2.0.M2
1.2.0.RC1
1.2.0.RELEASE
1.3.0.M1
1.3.0.RC1
1.3.0.RC2
1.3.0.RELEASE
1.4.0.M1
1.4.0.RC1
1.4.0.RELEASE
1.5.0.RELEASE
1.6.0.M1
1.6.0.RC1
1.6.0.RELEASE
1.7.0.M1
1.7.0.RC1
1.7.0.RELEASE
1.8.0.M1
1.8.0.RC1
1.8.0.RELEASE
1.9.0.M1
1.9.0.RC1
1.9.0.RELEASE
2.*
2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json"
github.com/spring-projects/spring-data-rest

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-data-rest
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.10"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "last_affected": "2.6.10"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

2.*
2.0.0.M1
2.0.0.RC1
2.0.0.RELEASE
2.1.0.M1
2.1.0.RC1
2.1.0.RELEASE
2.2.0.M1
2.2.0.RC1
2.2.0.RELEASE
2.3.0.M1
2.3.0.RC1
2.3.0.RELEASE
2.4.0.M1
2.4.0.RC1
2.4.0.RELEASE
2.5.0.M1
2.5.0.RC1
2.5.0.RELEASE
2.5.1.RELEASE
2.5.10.RELEASE
2.5.2.RELEASE
2.5.3.RELEASE
2.5.4.RELEASE
2.5.5.RELEASE
2.5.6.RELEASE
2.5.7.RELEASE
2.5.8.RELEASE
2.5.9.RELEASE
2.6.0.RELEASE
2.6.1.RELEASE
2.6.10.RELEASE
2.6.2.RELEASE
2.6.3.RELEASE
2.6.4.RELEASE
2.6.5.RELEASE
2.6.6.RELEASE
2.6.7.RELEASE
2.6.8.RELEASE
2.6.9.RELEASE

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json"