CVE-2018-1273

Published: Apr 11, 2018

Modified: Oct 21, 2025

PUBLISHED

Description

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.

Vendor: Spring by Pivotal
Product: Spring Framework
Versions (affected): Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions

Weaknesses (CWE)
