CVE-2018-1273
9.8 CRITICALSpring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerabi...
Published: 2018-04-11 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-94
Affected products
| Vendor | Product |
|---|---|
| apache | financial_services_crime_and_compliance_management_studio, ignite, spring_data_commons |
| broadcom | financial_services_crime_and_compliance_management_studio, ignite, spring_data_commons |
| oracle | financial_services_crime_and_compliance_management_studio, ignite, spring_data_commons |
| pivotal_software | financial_services_crime_and_compliance_management_studio, ignite, spring_data_commons |
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2018-1273
- [Other]http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
- [Vendor advisory]https://pivotal.io/security/cve-2018-1273
- [Patch]https://www.oracle.com/security-alerts/cpujul2022.html
- [Other]http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
- [Vendor advisory]https://pivotal.io/security/cve-2018-1273
- [Patch]https://www.oracle.com/security-alerts/cpujul2022.html
- [Other]https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273
Related CVEs
Same vendor
- CVE-2026-50645 — There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can l... (7.5 HIGH)
- CVE-2026-50634 — A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticate... (6.5 MEDIUM)
- CVE-2026-50633 — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)
- CVE-2026-50632 — A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been ide... (8.1 HIGH)
- CVE-2026-50631 — A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and ... (7.4 HIGH)
Same CWE
- CVE-2026-48017 — DbGate is cross-platform database manager (8.8 HIGH)
- CVE-2026-48836 — Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
- CVE-2026-48124 — Cursor is a code editor built for programming with AI
- CVE-2026-39465 — Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions (9.1 CRITICAL)
- CVE-2026-52704 — Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code... (10.0 CRITICAL)