CVE-2017-8046

Published: Jan 4, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Vendor: Pivotal

Product: Pivotal Spring Data REST and Spring Boot

Versions (affected): Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6

References

RHSA-2018:2405 (vendor-advisory, x_refsource_REDHAT)
100948 (vdb-entry, x_refsource_BID)
44289 (exploit, x_refsource_EXPLOIT-DB)
