CVE-2018-1273
ADVISORY - githubSummary
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
EPSS Score: 0.94288 (0.999)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
ADVISORY - gitlab
ADVISORY - redhat
Improper Neutralization of Special Elements
NIST
CREATED
UPDATED
ADVISORY IDCVE-2018-1273
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalGitHub
CVSS SCORE
9.8criticalRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2018-1273
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalintheWild
CREATED
UPDATED
ADVISORY IDCVE-2018-1273
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CISA
CREATED
UPDATED
ADVISORY ID
CVE-2018-1273
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-