{"id":"CVE-2018-1273","details":"Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.","aliases":["GHSA-4fq3-mr56-cg6r"],"modified":"2026-04-10T04:05:00.356235Z","published":"2018-04-11T13:29:00.290Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273"},{"type":"ADVISORY","url":"http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E"},{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2018-1273"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-data-commons","events":[{"introduced":"0"},{"last_affected":"f386cd6e47d018c2f7640869bf5595797e3f74c0"},{"introduced":"d5cad6c27f765587a3976620324153352058a4a7"},{"last_affected":"8ddb7cefe1fb0ba075dbbdc7035ab7e2a5c75c19"},{"introduced":"dc8583795871a09d78a15b075935a6cada57d597"},{"last_affected":"70ac316b400937d7e1dff71c1605a4205fc818bd"},{"introduced":"0"},{"last_affected":"139b3b6f216096a7425287934e0d7e0791e7c60e"},{"introduced":"ba84e875ff32f5ce01370446f908c80308fd1a82"},{"last_affected":"688fb702d2bc9331431ca44a253b66a41feac27a"},{"introduced":"ac92b5ee9ed83432cec927a47c893dcd4f61e0b1"},{"last_affected":"19a5fccf475b55536f9cc612a892a83af9a2c85d"},{"introduced":"0"},{"last_affected":"a7aacccf0b337c43ae622487755f0a62e8e11255"},{"introduced":"0"},{"last_affected":"bc130ab9fd8ef8021fab62b67887120e5f4df799"}],"database_specific":{"versions":[{"introduced
":"0"},{"last_affected":"1.12.10"},{"introduced":"1.13.0"},{"last_affected":"1.13.10"},{"introduced":"2.0.0"},{"last_affected":"2.0.5"},{"introduced":"0"},{"last_affected":"2.5.10"},{"introduced":"2.6.0"},{"last_affected":"2.6.10"},{"introduced":"3.0.0"},{"last_affected":"3.0.5"},{"introduced":"1.0.1"},{"last_affected":"2.5.0"},{"introduced":"0"},{"last_affected":"1.0.0-NA"}]}},{"type":"GIT","repo":"https://github.com/spring-projects/spring-data-rest","events":[{"introduced":"0"},{"last_affected":"2e997b2a4bfe97feedf7c171cb09ce60a6d74dee"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.0-rc3"}]}}],"versions":["1.0.0.M1","1.0.0.M2","1.0.0.M3","1.0.0.M4","1.0.0.M5","1.0.0.M6","1.0.0.RC1","1.0.0.RC3","1.0.0.RELEASE","1.1.0.M1","1.1.0.M2","1.1.0.RC1","1.1.0.RELEASE","1.10.0.M1","1.10.0.RC1","1.10.0.RELEASE","1.11.0.M1","1.11.0.RC1","1.11.0.RELEASE","1.12.0.M1","1.12.0.RC1","1.12.0.RELEASE","1.12.1.RELEASE","1.12.10.RELEASE","1.12.2.RELEASE","1.12.3.RELEASE","1.12.4.RELEASE","1.12.5.RELEASE","1.12.6.RELEASE","1.12.7.RELEASE","1.12.8.RELEASE","1.12.9.RELEASE","1.13.0.RELEASE","1.13.1.RELEASE","1.13.10.RELEASE","1.13.2.RELEASE","1.13.3.RELEASE","1.13.4.RELEASE","1.13.5.RELEASE","1.13.6.RELEASE","1.13.7.RELEASE","1.13.8.RELEASE","1.13.9.RELEASE","1.2.0.M1","1.2.0.M2","1.2.0.RC1","1.2.0.RELEASE","1.3.0.M1","1.3.0.RC1","1.3.0.RC2","1.3.0.RELEASE","1.4.0.M1","1.4.0.RC1","1.4.0.RELEASE","1.5.0.RELEASE","1.6.0.M1","1.6.0.RC1","1.6.0.RELEASE","1.7.0.M1","1.7.0.RC1","1.7.0.RELEASE","1.8.0.M1","1.8.0.RC1","1.8.0.RELEASE","1.9.0.M1","1.9.0.RC1","1.9.0.RELEASE","2.0.0.RELEASE","2.0.1.RELEASE","2.0.2.RELEASE","2.0.3.RELEASE","2.0.4.RELEASE","2.0.5.RELEASE","2.1.0.M1","2.1.0.M2","2.1.0.M3","2.1.0.RC1","2.1.0.RC2","2.1.0.RELEASE","2.2.0.M1","2.2.0.M2","2.2.0.M3","2.2.0.M4","2.2.0.RC1","2.2.0.RC2","2.2.0.RC3","2.2.0.RELEASE","2.3.0.M1","2.3.0.M2","2.3.0.M3","2.3.0.M4","2.3.0.RC1","2.3.0.RC2","2.3.0.RELEASE","2.4.0","2.4.0-M1","2.4.0-M2","2.4.0-RC1","2.4.0-RC2"
,"2.5.0","2.5.0-M1","2.5.0-M2","2.5.0-M3","2.5.0-M4","2.5.0-M5","2.5.0-RC1","2.5.1","2.5.10","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.5.7","2.5.8","2.5.9","2.6.0","2.6.1","2.6.10","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1273.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0.8.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8.3.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}