List: oss-security
Subject: [oss-security] CVE-2018-1273 fixed in Metron 0.5.0
From: James Sirota <jsirota () apache ! org>
Date: 2018-06-26 19:33:32
Message-ID: 1093581530041612 () web14o ! yandex ! ru
The following CVE was fixed in Metron 0.5.0:
[CVEID]: CVE-2018-1273
[PRODUCT]: Spring Data Commons
[VERSION]: versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
[PROBLEMTYPE]: remote code execution attack
[REFERENCES]: https://pivotal.io/security/cve-2018-1273
[DESCRIPTION]:
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported
versions, contain a property binder vulnerability caused by improper neutralization of special
elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted
request parameters against Spring Data REST backed HTTP resources or using Spring Data's
projection-based request payload binding that can lead to a remote code execution attack.
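
Added example, not part of the original message and not Metron or Spring code: a check that flags spring-data-commons versions in the affected ranges listed above when they appear in Maven `dependency:list` output. The sample lines are constructed, the function names are hypothetical, and "older unsupported versions" is read here as anything below 1.13.

```python
import re

ARTIFACT = "org.springframework.data:spring-data-commons"

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """\
[INFO]    org.springframework.data:spring-data-commons:jar:1.13.10.RELEASE:compile
[INFO]    org.springframework.data:spring-data-commons:jar:2.0.6.RELEASE:compile
[INFO]    org.springframework:spring-core:jar:4.3.14.RELEASE:compile
""".splitlines()


def parse_version(text):
    """Return (major, minor, patch) from strings such as '1.13.10.RELEASE'.

    Qualifiers (.RELEASE, .M1, .BUILD-SNAPSHOT) are ignored.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True if the version falls in the ranges the advisory lists."""
    v = parse_version(version)
    if v <= (1, 13, 10):                 # 1.13 to 1.13.10, and older lines
        return True
    return (2, 0, 0) <= v <= (2, 0, 5)   # 2.0 to 2.0.5


def scan_dependency_list(lines):
    """Return [(version, affected)] for each spring-data-commons coordinate."""
    findings = []
    for line in lines:
        for token in line.split():
            if not token.startswith(ARTIFACT + ":"):
                continue
            # Maven layout: group:artifact:type[:classifier]:version:scope
            fields = token.split(":")
            if len(fields) < 5:
                continue
            findings.append((fields[-2], is_affected(fields[-2])))
    return findings


if __name__ == "__main__":
    for version, affected in scan_dependency_list(SAMPLE):
        print(f"{version}: {'AFFECTED' if affected else 'not in affected range'}")
```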