CVE-2018-1259
- EPSS 10.29%
- Published 11.05.2018 20:29:00
- Last modified 21.11.2024 03:59:29
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as unde...
CVE-2018-1274
- EPSS 0.97%
- Published 18.04.2018 16:29:00
- Last modified 12.09.2025 19:46:05
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue reques...
CVE-2018-1273
- EPSS 94.19%
- Published 11.04.2018 13:29:00
- Last modified 30.07.2025 19:04:54
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker...
CVE-2017-8046
- EPSS 93.73%
- Published 04.01.2018 06:29:00
- Last modified 21.11.2024 03:33:12
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java co...