VYPR

Maven package

org.springframework.data/spring-data-commons

pkg:maven/org.springframework.data/spring-data-commons

Vulnerabilities (3)

  • CVE-2018-1259HigMay 11, 2018
    affected >= 1.13.0, < 1.13.12fixed 1.13.12

    Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does no

  • CVE-2018-1274HigApr 18, 2018
    affected < 1.13.11fixed 1.13.11

    Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST en

  • CVE-2018-1273CriKEVApr 11, 2018
    affected >= 1.13.0, < 1.13.11fixed 1.13.11

    Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted