CVE-2018-1273

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1273

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1273

Aliases

GHSA-4fq3-mr56-cg6r

Published

2018-04-11T13:29:00Z

Modified

2024-09-03T02:08:29.517355Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

References

Affected packages

Git / github.com/apache/ignite

Affected ranges

Type: GIT
Repo: https://github.com/apache/ignite
Events: Last affected

5fc2cd053467e65872f796e11e3edd2e6017d80d

Introduced

fceebf26559068eac36b7395a7c6d51229c33469

Last affected

86e110c750a340dc9be2d396415f0b80d7ed8813

Last affected

f54fc36cc29533ea0ea49eacc345b7f769491bf8

Type: GIT
Repo: https://github.com/spring-projects/spring-data-commons
Events: Last affected

139b3b6f216096a7425287934e0d7e0791e7c60e

Introduced

ac92b5ee9ed83432cec927a47c893dcd4f61e0b1

Last affected

19a5fccf475b55536f9cc612a892a83af9a2c85d

Introduced

ba84e875ff32f5ce01370446f908c80308fd1a82

Last affected

688fb702d2bc9331431ca44a253b66a41feac27a

Introduced

dc8583795871a09d78a15b075935a6cada57d597

Last affected

70ac316b400937d7e1dff71c1605a4205fc818bd

Introduced

d5cad6c27f765587a3976620324153352058a4a7

Last affected

8ddb7cefe1fb0ba075dbbdc7035ab7e2a5c75c19

Last affected

a7aacccf0b337c43ae622487755f0a62e8e11255

Last affected

bc130ab9fd8ef8021fab62b67887120e5f4df799

Last affected

f386cd6e47d018c2f7640869bf5595797e3f74c0

Type: GIT
Repo: https://github.com/spring-projects/spring-data-rest
Events: Last affected

2e997b2a4bfe97feedf7c171cb09ce60a6d74dee

Last affected

84004e0d1d7e92bea3e692f1a3bc50e79ab23161

Introduced

ac2cbfcbc5954384cb92da7ed2641d1e06322827

Last affected

9c57b4c8a13edc7988ab28b2770c14e49cb5b52c

Last affected

c49a29a247201aa1375f00b7abb763eacb344ee2

Last affected

f56485d92daceaca47e050d15f0088265852d7d8

Introduced

93a2c589c5efc9e550b15103ba707c2b60f8725c

Last affected

f916233f410b9d27e2ddb23de4c9ff1e29af29b5

Affected versions

1.*

1.13.0.RELEASE

1.13.1.RELEASE

1.13.10.RELEASE

1.13.2.RELEASE

1.13.3.RELEASE

1.13.4.RELEASE

1.13.5.RELEASE

1.13.6.RELEASE

1.13.7.RELEASE

1.13.8.RELEASE

1.13.9.RELEASE

2.*

2.0.0.RELEASE

2.0.1.RELEASE

2.0.2.RELEASE

2.0.3.RELEASE

2.0.4.RELEASE

2.0.5.RELEASE

2.1.0.M1

2.1.0.M2

2.1.0.M3

2.1.0.RC1

2.1.0.RC2

2.1.0.RELEASE

2.2.0.M1

2.2.0.M2

2.2.0.M3

2.2.0.M4

2.2.0.RC1

2.2.0.RC2

2.2.0.RC3

2.2.0.RELEASE

2.3.0.M1

2.3.0.M2

2.3.0.M3

2.3.0.M4

2.3.0.RC1

2.3.0.RC2

2.3.0.RELEASE

2.4.0

2.4.0-M1

2.4.0-M2

2.4.0-RC1

2.4.0-RC2

2.5.0

2.5.0-M1

2.5.0-M2

2.5.0-M3

2.5.0-M4

2.5.0-M5

2.5.0-RC1

2.5.1

2.5.10

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9

2.6.0

2.6.0.RELEASE

2.6.1

2.6.10

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

3.*

3.0.0

3.0.0.RELEASE

3.0.1

3.0.1.RELEASE

3.0.2

3.0.2.RELEASE

3.0.3

3.0.3.RELEASE

3.0.4

3.0.4.RELEASE

3.0.5

3.0.5.RELEASE

ignite-1.*

ignite-1.0.1