Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2018-04-18T16:00:00Z
Updated: 2024-09-17T01:11:48.375Z
Reserved: 2017-12-06T00:00:00
Link: CVE-2018-1274
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-04-18T16:29:00.417
Modified: 2024-11-21T03:59:31.210
Link: CVE-2018-1274
Redhat