Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.data/spring-data-commons@2.0.7.RELEASE
purl pkg:maven/org.springframework.data/spring-data-commons@2.0.7.RELEASE
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-92mk-6xrd-gbaa Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system. CVE-2018-1259
GHSA-m929-7fr6-cvjg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:48:51.069453+00:00 GitLab Importer Fixing VCID-92mk-6xrd-gbaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-commons/CVE-2018-1259.yml 38.4.0
2026-04-11T21:59:47.964077+00:00 GitLab Importer Fixing VCID-92mk-6xrd-gbaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-commons/CVE-2018-1259.yml 38.3.0
2026-04-02T22:12:57.511221+00:00 GitLab Importer Fixing VCID-92mk-6xrd-gbaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-commons/CVE-2018-1259.yml 38.1.0
2026-04-01T16:30:21.513430+00:00 GitLab Importer Fixing VCID-92mk-6xrd-gbaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-commons/CVE-2018-1259.yml 38.0.0