cvedb.io
CVE-2018-1274
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-04-18T16:29:00.417 · Last modified 2026-06-26T18:44:14.703

Summary

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Affected products

broadcom — spring_data_commons

Does this affect you?

Add your gear to cvedb and we'll alert you only when broadcom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.