Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
History

Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-03-25'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2025-02-07T12:41:56.560Z

Reserved: 2017-12-06T00:00:00.000Z

Link: CVE-2018-1273

cve-icon Vulnrichment

Updated: 2024-08-05T03:51:48.994Z

cve-icon NVD

Status : Modified

Published: 2018-04-11T13:29:00.290

Modified: 2025-02-07T13:15:24.193

Link: CVE-2018-1273

cve-icon Redhat

Severity : Critical

Publid Date: 2018-03-27T00:00:00Z

Links: CVE-2018-1273 - Bugzilla