CVE-2018-1259
7.5 HIGH · Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, ...
Published: 2018-05-11 · Last updated: 2026-06-15
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-611
Affected products
| Vendor | Product |
|---|---|
| broadcom | spring_data_commons, spring_data_rest, xmlbeam |
| pivotal_software | spring_data_commons, spring_data_rest, xmlbeam |
| xmlbeam | spring_data_commons, spring_data_rest, xmlbeam |
Description
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references, because the underlying library, XMLBeam, does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2018-1259
- [Other] https://access.redhat.com/errata/RHSA-2018:1809
- [Other] https://access.redhat.com/errata/RHSA-2018:3768
- [Vendor advisory] https://pivotal.io/security/cve-2018-1259
- [Other] https://www.oracle.com/security-alerts/cpujul2022.html
Related CVEs
Same vendor
- CVE-2026-41721 — Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled i... (5.9 MEDIUM)
- CVE-2026-41716 — Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhau... (7.5 HIGH)
- CVE-2026-41711 — Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when par... (5.9 MEDIUM)
- CVE-2026-41695 — Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property pat... (7.5 HIGH)
- CVE-2026-44839 — RabbitMQ is a messaging and streaming broker (4.8 MEDIUM)
Same CWE
- CVE-2026-49875 — Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening c... (9.8 CRITICAL)
- CVE-2026-40998 — Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled X... (8.2 HIGH)
- CVE-2026-40991 — When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who comp... (5.9 MEDIUM)
- CVE-2026-47960 — ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerab... (7.4 HIGH)
- CVE-2026-8045 — CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side...