CVE-2018-1273

Description

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 94.288

Associated Vulnerability

Vulnerability                                                                              | OS Platform
Vulnerabilities CVE-2018-1274, CVE-2018-1273 are fixed in Spring - Data Commons 1.13.11           | Windows
Vulnerabilities CVE-2018-1274, CVE-2018-1273 are fixed in Spring - Data Commons 2.0.6             | Windows
Vulnerabilities CVE-2018-1274, CVE-2018-1273 are fixed in Spring - Data Commons for Linux 1.13.11 | Linux
Vulnerabilities CVE-2018-1274, CVE-2018-1273 are fixed in Spring - Data Commons for Linux 2.0.6   | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234