CVE-2018-1273

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1273
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1273
Aliases
Published
2018-04-11T13:29:00.290Z
Modified
2025-11-17T06:45:33.825089Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

References

Affected packages

Git

github.com/apache/ignite

Affected ranges

Type
GIT
Repo
https://github.com/apache/ignite
Events
Last affected
5fc2cd053467e65872f796e11e3edd2e6017d80d
Introduced
fceebf26559068eac36b7395a7c6d51229c33469
Last affected
86e110c750a340dc9be2d396415f0b80d7ed8813
Last affected
f54fc36cc29533ea0ea49eacc345b7f769491bf8

Affected versions

ignite-1.*

ignite-1.0.1

github.com/spring-projects/spring-data-commons

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-data-commons
Events
Last affected
139b3b6f216096a7425287934e0d7e0791e7c60e
Introduced
ac92b5ee9ed83432cec927a47c893dcd4f61e0b1
Last affected
19a5fccf475b55536f9cc612a892a83af9a2c85d
Introduced
ba84e875ff32f5ce01370446f908c80308fd1a82
Last affected
688fb702d2bc9331431ca44a253b66a41feac27a
Introduced
dc8583795871a09d78a15b075935a6cada57d597
Last affected
70ac316b400937d7e1dff71c1605a4205fc818bd
Introduced
d5cad6c27f765587a3976620324153352058a4a7
Last affected
8ddb7cefe1fb0ba075dbbdc7035ab7e2a5c75c19
Last affected
a7aacccf0b337c43ae622487755f0a62e8e11255
Last affected
bc130ab9fd8ef8021fab62b67887120e5f4df799
Last affected
f386cd6e47d018c2f7640869bf5595797e3f74c0

Affected versions

1.*

1.13.0.RELEASE
1.13.1.RELEASE
1.13.10.RELEASE
1.13.2.RELEASE
1.13.3.RELEASE
1.13.4.RELEASE
1.13.5.RELEASE
1.13.6.RELEASE
1.13.7.RELEASE
1.13.8.RELEASE
1.13.9.RELEASE

2.*

2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.1.0.M1
2.1.0.M2
2.1.0.M3
2.1.0.RC1
2.1.0.RC2
2.1.0.RELEASE
2.2.0.M1
2.2.0.M2
2.2.0.M3
2.2.0.M4
2.2.0.RC1
2.2.0.RC2
2.2.0.RC3
2.2.0.RELEASE
2.3.0.M1
2.3.0.M2
2.3.0.M3
2.3.0.M4
2.3.0.RC1
2.3.0.RC2
2.3.0.RELEASE
2.4.0
2.4.0-M1
2.4.0-M2
2.4.0-RC1
2.4.0-RC2
2.5.0
2.5.0-M1
2.5.0-M2
2.5.0-M3
2.5.0-M4
2.5.0-M5
2.5.0-RC1
2.5.1
2.5.10
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.1
2.6.10
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5

github.com/spring-projects/spring-data-rest

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-data-rest
Events
Last affected
2e997b2a4bfe97feedf7c171cb09ce60a6d74dee
Last affected
84004e0d1d7e92bea3e692f1a3bc50e79ab23161
Introduced
ac2cbfcbc5954384cb92da7ed2641d1e06322827
Last affected
9c57b4c8a13edc7988ab28b2770c14e49cb5b52c
Last affected
c49a29a247201aa1375f00b7abb763eacb344ee2
Last affected
f56485d92daceaca47e050d15f0088265852d7d8
Introduced
93a2c589c5efc9e550b15103ba707c2b60f8725c
Last affected
f916233f410b9d27e2ddb23de4c9ff1e29af29b5

Affected versions

2.*

2.6.0.RELEASE

3.*

3.0.0.RELEASE
3.0.1.RELEASE
3.0.2.RELEASE
3.0.3.RELEASE
3.0.4.RELEASE
3.0.5.RELEASE