CVE-2018-1273

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1273

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1273

Aliases

GHSA-4fq3-mr56-cg6r

Published

2018-04-11T13:29:00.290Z

Modified

2026-02-20T02:16:06.037181Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

References

Affected packages

Git

github.com/apache/ignite

Affected ranges

Type: GIT
Repo: https://github.com/apache/ignite
Events: Introduced

fceebf26559068eac36b7395a7c6d51229c33469

Last affected

86e110c750a340dc9be2d396415f0b80d7ed8813

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json"

github.com/spring-projects/spring-data-commons

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-data-commons
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a7aacccf0b337c43ae622487755f0a62e8e11255

Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f386cd6e47d018c2f7640869bf5595797e3f74c0

Introduced

ac92b5ee9ed83432cec927a47c893dcd4f61e0b1

Last affected

19a5fccf475b55536f9cc612a892a83af9a2c85d

Introduced

ba84e875ff32f5ce01370446f908c80308fd1a82

Last affected

688fb702d2bc9331431ca44a253b66a41feac27a

Introduced

d5cad6c27f765587a3976620324153352058a4a7

Last affected

8ddb7cefe1fb0ba075dbbdc7035ab7e2a5c75c19

Introduced

dc8583795871a09d78a15b075935a6cada57d597

Last affected

70ac316b400937d7e1dff71c1605a4205fc818bd

Affected versions

1.*

1.13.0.RELEASE

1.13.1.RELEASE

1.13.10.RELEASE

1.13.2.RELEASE

1.13.3.RELEASE

1.13.4.RELEASE

1.13.5.RELEASE

1.13.6.RELEASE

1.13.7.RELEASE

1.13.8.RELEASE

1.13.9.RELEASE

2.*

2.0.0.RELEASE

2.0.1.RELEASE

2.0.2.RELEASE

2.0.3.RELEASE

2.0.4.RELEASE

2.0.5.RELEASE

2.1.0.M1

2.1.0.M2

2.1.0.M3

2.1.0.RC1

2.1.0.RC2

2.1.0.RELEASE

2.2.0.M1

2.2.0.M2

2.2.0.M3

2.2.0.M4

2.2.0.RC1

2.2.0.RC2

2.2.0.RC3

2.2.0.RELEASE

2.3.0.M1

2.3.0.M2

2.3.0.M3

2.3.0.M4

2.3.0.RC1

2.3.0.RC2

2.3.0.RELEASE

2.4.0

2.4.0-M1

2.4.0-M2

2.4.0-RC1

2.4.0-RC2

2.5.0

2.5.0-M1

2.5.0-M2

2.5.0-M3

2.5.0-M4

2.5.0-M5

2.5.0-RC1

2.6.0

3.*

3.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json"

github.com/spring-projects/spring-data-rest

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-data-rest
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c49a29a247201aa1375f00b7abb763eacb344ee2

Introduced

93a2c589c5efc9e550b15103ba707c2b60f8725c

Last affected

f916233f410b9d27e2ddb23de4c9ff1e29af29b5

Introduced

ac2cbfcbc5954384cb92da7ed2641d1e06322827

Last affected

9c57b4c8a13edc7988ab28b2770c14e49cb5b52c

Affected versions

2.*

2.6.0.RELEASE

3.*

3.0.0.RELEASE

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1273.json"