CVE-2018-1274
moderate-risk
Published 2018-04-18
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unbounded resource allocation. An unauthenticated remote attacker can issue requests against Spring Data REST endpoints, or against other endpoints that use property path parsing, that cause a denial of service through CPU and memory exhaustion.
Do I need to act?
EPSS score: 0.97% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 (High); attack vector: Network; attack complexity: Low
Affected Products (2)
Affected Vendors
References (6)
Broken Link
http://www.securityfocus.com/bid/103769
Vendor Advisory
https://pivotal.io/security/cve-2018-1274
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Risk score: 36/100 (moderate-risk)
Severity: 26/34 · High
Exploitability: 3/34 · Minimal
Exposure: 7/34 · Low