PT-2018-11354 · Spring · Spring Data Commons
Published: 2018-04-18 · Updated: 2026-06-15 · CVE-2018-1274
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Spring Data Commons versions 1.13 to 1.13.10
Spring Data Commons versions 2.0 to 2.0.5
Spring Data Commons older unsupported versions
Description
The property path parser in Spring Data Commons allocates resources without limits. An unauthenticated remote attacker can send requests to Spring Data REST endpoints, or to other endpoints that use property path parsing, and cause a denial of service through CPU and memory consumption.
Recommendations
For Spring Data Commons versions 1.13 to 1.13.10, update to a version outside of this range to resolve the issue.
For Spring Data Commons versions 2.0 to 2.0.5, update to a version outside of this range to resolve the issue.
For Spring Data Commons older unsupported versions, consider upgrading to a supported version to mitigate the risk.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Spring Data Commons