Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.data/spring-data-commons@2.0.5.RELEASE
Type maven
Namespace org.springframework.data
Name spring-data-commons
Version 2.0.5.RELEASE
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.6.RELEASE
Latest_non_vulnerable_version 5.0.5.RELEASE
Affected_by_vulnerabilities
0
url VCID-nfsq-9tkw-tqcs
vulnerability_id VCID-nfsq-9tkw-tqcs
summary
Improper Input Validation
Spring Data Commons contains a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
reference_id CVE-2018-1273
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
1
reference_url https://pivotal.io/security/cve-2018-1273
reference_id CVE-2018-1273
reference_type
scores
url https://pivotal.io/security/cve-2018-1273
fixed_packages
0
url pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
purl pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
aliases CVE-2018-1273
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfsq-9tkw-tqcs
1
url VCID-wkyq-83m5-wuf7
vulnerability_id VCID-wkyq-83m5-wuf7
summary
Allocation of Resources Without Limits or Throttling
Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
references
0
reference_url http://www.securityfocus.com/bid/103769
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103769
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1274
reference_id CVE-2018-1274
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1274
2
reference_url https://pivotal.io/security/cve-2018-1274
reference_id CVE-2018-1274
reference_type
scores
url https://pivotal.io/security/cve-2018-1274
fixed_packages
0
url pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
purl pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE
aliases CVE-2018-1274
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkyq-83m5-wuf7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.5.RELEASE