Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-81j5-6v3h-v3cq

Summary Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Aliases

alias	CVE-2018-1274

alias	GHSA-5q8m-mqmx-pxp9

Fixed_packages

url pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.11.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92mk-6xrd-gbaa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE

Affected_packages

url pkg:maven/org.springframework.data/spring-data-commons@1.5.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.5.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.5.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.5.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.5.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.5.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.5.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.5.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.5.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.5.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.5.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.5.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.6.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.6.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.6.5.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.7.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.7.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.7.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.7.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.7.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.7.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.7.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.7.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.7.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.7.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.7.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.7.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.5.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.8.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.8.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.8.6.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.9.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.9.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.9.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.9.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.9.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.9.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.9.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.9.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.9.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.9.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.9.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.9.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.9.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.9.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.9.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.10.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.10.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.10.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.10.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.10.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.10.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.10.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.10.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.10.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.5.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.11.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.11.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.11.6.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.5.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.6.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.7.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.7.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.8.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.8.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.9.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.9.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.10.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.10.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.12.11.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.5.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.6.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.6.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.7.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.7.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.8.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.8.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.9.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.9.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@1.13.10.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@1.13.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@1.13.10.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.0

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.0

url pkg:maven/org.springframework.data/spring-data-commons@2.0.0.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.0.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.1.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.1.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.2.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.2.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.3.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.3.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.4.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.4.RELEASE

url pkg:maven/org.springframework.data/spring-data-commons@2.0.5.RELEASE

purl pkg:maven/org.springframework.data/spring-data-commons@2.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-81j5-6v3h-v3cq

vulnerability	VCID-92mk-6xrd-gbaa

vulnerability	VCID-s8a4-9j7s-8fc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-commons@2.0.5.RELEASE

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1274.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1274.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1274

reference_id

reference_type

scores

value	0.00845
scoring_system	epss
scoring_elements	0.74858
published_at	2026-04-29T12:55:00Z

value	0.00845
scoring_system	epss
scoring_elements	0.74892
published_at	2026-05-07T12:55:00Z

value	0.00845
scoring_system	epss
scoring_elements	0.74864
published_at	2026-05-05T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76608
published_at	2026-04-11T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.7658
published_at	2026-04-13T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76529
published_at	2026-04-02T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76558
published_at	2026-04-04T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76538
published_at	2026-04-07T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.7657
published_at	2026-04-08T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76581
published_at	2026-04-09T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76587
published_at	2026-04-12T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76652
published_at	2026-04-26T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76646
published_at	2026-04-24T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76614
published_at	2026-04-21T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76625
published_at	2026-04-18T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76524
published_at	2026-04-01T12:55:00Z

value	0.00967
scoring_system	epss
scoring_elements	0.76622
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1274

reference_url

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-5q8m-mqmx-pxp9

reference_url

https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba

reference_url

https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.securityfocus.com/bid/103769

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103769

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1565926
reference_id	1565926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1565926

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons::::::::
reference_id	cpe:2.3:a:pivotal_software:spring_data_commons::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest::::::::
reference_id	cpe:2.3:a:pivotal_software:spring_data_rest::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1274

reference_id

CVE-2018-1274

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1274

reference_url

https://pivotal.io/security/cve-2018-1274

reference_id

CVE-2018-1274

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1274

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	138
name	Improper Neutralization of Special Elements
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

Exploits

Severity_range_score 5.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81j5-6v3h-v3cq

Vulnerability Instance