High severity 7.5 · NVD Advisory · Published Apr 18, 2018 · Updated Jun 26, 2026
CVE-2018-1274
Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.data:spring-data-commons (Maven) | < 1.13.11 | 1.13.11 |
| org.springframework.data:spring-data-commons (Maven) | >= 2.0.0, < 2.0.6 | 2.0.6 |
Affected products
- Spring by Pivotal/Spring Framework (v5), Range: Versions 1.13 to 1.13.10, 2.0 to 2.0.5
References
- github.com/advisories/GHSA-5q8m-mqmx-pxp9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1274 (ghsa, ADVISORY)
- pivotal.io/security/cve-2018-1274 (nvd, Vendor Advisory, WEB)
- www.oracle.com/security-alerts/cpujul2022.html (nvd, Third Party Advisory, WEB)
- www.securityfocus.com/bid/103769 (nvd, Broken Link, WEB)
- github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba (ghsa, WEB)
- github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee (ghsa, WEB)