CVE-2018-1273

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1273
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1273
Aliases
Published
2018-04-11T13:29:00Z
Modified
2024-10-12T03:13:31.760185Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

References

Affected packages

Git / github.com/apache/ignite

Affected ranges

Affected versions

1.*

1.13.0.RELEASE
1.13.1.RELEASE
1.13.10.RELEASE
1.13.2.RELEASE
1.13.3.RELEASE
1.13.4.RELEASE
1.13.5.RELEASE
1.13.6.RELEASE
1.13.7.RELEASE
1.13.8.RELEASE
1.13.9.RELEASE

2.*

2.0.0.RELEASE
2.0.1.RELEASE
2.0.2.RELEASE
2.0.3.RELEASE
2.0.4.RELEASE
2.0.5.RELEASE
2.1.0.M1
2.1.0.M2
2.1.0.M3
2.1.0.RC1
2.1.0.RC2
2.1.0.RELEASE
2.2.0.M1
2.2.0.M2
2.2.0.M3
2.2.0.M4
2.2.0.RC1
2.2.0.RC2
2.2.0.RC3
2.2.0.RELEASE
2.3.0.M1
2.3.0.M2
2.3.0.M3
2.3.0.M4
2.3.0.RC1
2.3.0.RC2
2.3.0.RELEASE
2.4.0
2.4.0-M1
2.4.0-M2
2.4.0-RC1
2.4.0-RC2
2.5.0
2.5.0-M1
2.5.0-M2
2.5.0-M3
2.5.0-M4
2.5.0-M5
2.5.0-RC1
2.5.1
2.5.10
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.0.RELEASE
2.6.1
2.6.10
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9

3.*

3.0.0
3.0.0.RELEASE
3.0.1
3.0.1.RELEASE
3.0.2
3.0.2.RELEASE
3.0.3
3.0.3.RELEASE
3.0.4
3.0.4.RELEASE
3.0.5
3.0.5.RELEASE

ignite-1.*

ignite-1.0.1