PT-2018-8443 · Spring · Spring Boot+1

Man Yue Mo · Published 2018-01-04 · Updated 2022-05-13 · CVE-2017-8046

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Spring Data REST versions prior to 2.6.9 (Ingalls SR9)
Spring Data REST versions prior to 3.0.1 (Kay SR1)
Spring Boot versions prior to 1.5.9
Spring Boot versions prior to 2.0 M6

Description

Malicious PATCH requests submitted to affected servers can use specially crafted JSON data to execute arbitrary Java code.

Recommendations

For Spring Data REST versions prior to 2.6.9 (Ingalls SR9), update to version 2.6.9 or later.
For Spring Data REST versions prior to 3.0.1 (Kay SR1), update to version 3.0.1 or later.
For Spring Boot versions prior to 1.5.9, update to version 1.5.9 or later.
For Spring Boot versions prior to 2.0 M6, update to version 2.0 M6 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-8046
GHSA-9QF9-28H9-HQCJ

Affected Products

Spring Boot
Spring Data REST