Critical severity 9.8 · CISA KEV · NVD Advisory · Published Apr 11, 2018 · Updated Jun 26, 2026
CVE-2018-1273
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.data:spring-data-commons (Maven) | >= 1.13.0, < 1.13.11 | 1.13.11 |
| org.springframework.data:spring-data-commons (Maven) | >= 2.0.0, < 2.0.6 | 2.0.6 |
Affected products
- Spring by Pivotal / Spring Framework v5 · Range: Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions
References
- www.oracle.com/security-alerts/cpujul2022.html (nvd: Patch, Third Party Advisory, WEB)
- mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E (nvd: Mailing List, Third Party Advisory, WEB)
- github.com/advisories/GHSA-4fq3-mr56-cg6r (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1273 (ghsa: ADVISORY)
- pivotal.io/security/cve-2018-1273 (nvd: Vendor Advisory, WEB)
- github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653 (ghsa: WEB)
- github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a (ghsa: WEB)
- github.com/spring-projects/spring-data-commons/issues/1721 (ghsa: WEB)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (nvd: US Government Resource)