Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Back to All

CVE

CVE-2018-1274

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Base CVSS

7.5

EPSS Score

0.97%

Introduced Version

1.0.0.RELEASE

Fix Available

1.13.11.RELEASE,2.0.6.RELEASE

Fix without Upgrading

Available Patches

Package

CVEs Fixed

Lines of Code Changed

Package Name

org.springframework.data:spring-data-commons-core

References

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9

http://www.securityfocus.com/bid/103769

https://nvd.nist.gov/vuln/detail/CVE-2018-1274

https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee

https://pivotal.io/security/cve-2018-1274

https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba

https://www.oracle.com/security-alerts/cpujul2022.html

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance

Oops! Something went wrong, please try again.