Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.data/spring-data-commons@1.10.2.RELEASE

Type maven

Namespace org.springframework.data

Name spring-data-commons

Version 1.10.2.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.13.12.RELEASE

Latest_non_vulnerable_version 2.0.7.RELEASE

Affected_by_vulnerabilities

url VCID-81j5-6v3h-v3cq

vulnerability_id VCID-81j5-6v3h-v3cq

summary Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1274.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1274.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1274

reference_id

reference_type

scores

value	0.00845
scoring_system	epss
scoring_elements	0.74858
published_at	2026-04-29T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76524
published_at	2026-04-01T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76529
published_at	2026-04-02T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76558
published_at	2026-04-04T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76538
published_at	2026-04-07T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.7657
published_at	2026-04-08T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76581
published_at	2026-04-09T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76608
published_at	2026-04-11T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76587
published_at	2026-04-12T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.7658
published_at	2026-04-13T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76622
published_at	2026-04-16T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76625
published_at	2026-04-18T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76614
published_at	2026-04-21T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76646
published_at	2026-04-24T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76652
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1274

reference_url

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9

reference_url

https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba

reference_url

https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.securityfocus.com/bid/103769

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103769

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1565926
reference_id	1565926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1565926

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons::::::::
reference_id	cpe:2.3:a:pivotal_software:spring_data_commons::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest::::::::
reference_id	cpe:2.3:a:pivotal_software:spring_data_rest::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1274

reference_id

CVE-2018-1274

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1274

reference_url

https://pivotal.io/security/cve-2018-1274

reference_id

CVE-2018-1274

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1274

fixed_packages

url	pkg:maven/org.springframework.data/spring-data-commons@1.13.11
purl	pkg:maven/org.springframework.data/spring-data-commons@1.13.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.11

url pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

url	pkg:maven/org.springframework.data/spring-data-commons@2.0.6
purl	pkg:maven/org.springframework.data/spring-data-commons@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6

url pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

aliases CVE-2018-1274, GHSA-5q8m-mqmx-pxp9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81j5-6v3h-v3cq

url VCID-s8a4-9j7s-8fc8

vulnerability_id VCID-s8a4-9j7s-8fc8

summary Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

references

reference_url

http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/

url

http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1273

reference_id

reference_type

scores

value	0.94288
scoring_system	epss
scoring_elements	0.99941
published_at	2026-04-26T12:55:00Z

value	0.94288
scoring_system	epss
scoring_elements	0.99942
published_at	2026-04-29T12:55:00Z

value	0.94288
scoring_system	epss
scoring_elements	0.9994
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1273

reference_url

https://github.com/advisories/GHSA-4fq3-mr56-cg6r

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-4fq3-mr56-cg6r

reference_url

https://github.com/spring-projects/spring-data-commons

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons

reference_url	https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65

reference_url

https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653

reference_url	https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432

reference_url

https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a

reference_url

https://github.com/spring-projects/spring-data-commons/issues/1721

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/issues/1721

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1565923
reference_id	1565923
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1565923

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1273

reference_id

CVE-2018-1273

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1273

reference_url

https://pivotal.io/security/cve-2018-1273

reference_id

CVE-2018-1273

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/

url

https://pivotal.io/security/cve-2018-1273

fixed_packages

url pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

url	pkg:maven/org.springframework.data/spring-data-commons@1.13.11
purl	pkg:maven/org.springframework.data/spring-data-commons@1.13.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.11

url pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

url	pkg:maven/org.springframework.data/spring-data-commons@2.0.6
purl	pkg:maven/org.springframework.data/spring-data-commons@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6

url pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

aliases CVE-2018-1273, GHSA-4fq3-mr56-cg6r

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8a4-9j7s-8fc8

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.10.2.RELEASE

Package Instance