Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1j1n-dmts-1yeu
Vulnerability ID VCID-1j1n-dmts-1yeu
Aliases CVE-2017-8046
GHSA-9qf9-28h9-hqcj
Summary
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2018:2405
generic_textual CRITICAL https://access.redhat.com/errata/RHSA-2018:2405
cvssv3 10.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
epss 0.93978 https://api.first.org/data/v1/epss?cve=CVE-2017-8046
cvssv3.1 9.8 https://bugzilla.redhat.com/show_bug.cgi?id=1553024
generic_textual CRITICAL https://bugzilla.redhat.com/show_bug.cgi?id=1553024
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-9qf9-28h9-hqcj
cvssv3.1 9.8 https://github.com/spring-projects/spring-data-rest
generic_textual CRITICAL https://github.com/spring-projects/spring-data-rest
cvssv3.1 9.8 https://github.com/spring-projects/spring-data-rest/issues/1487
generic_textual CRITICAL https://github.com/spring-projects/spring-data-rest/issues/1487
cvssv3.1 9.8 https://github.com/spring-projects/spring-data-rest/issues/1520
generic_textual CRITICAL https://github.com/spring-projects/spring-data-rest/issues/1520
cvssv3.1 9.8 https://jira.spring.io/browse/DATAREST-1127?redirect=false
generic_textual CRITICAL https://jira.spring.io/browse/DATAREST-1127?redirect=false
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-8046
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2017-8046
cvssv3.1 9.8 https://pivotal.io/security/cve-2017-8046
generic_textual CRITICAL https://pivotal.io/security/cve-2017-8046
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2018:2405
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
https://api.first.org/data/v1/epss?cve=CVE-2017-8046
https://bugzilla.redhat.com/show_bug.cgi?id=1553024
https://github.com/spring-projects/spring-data-rest
https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
https://github.com/spring-projects/spring-data-rest/issues/1487
https://github.com/spring-projects/spring-data-rest/issues/1520
https://jira.spring.io/browse/DATAREST-1127
https://jira.spring.io/browse/DATAREST-1127?redirect=false
https://jira.spring.io/browse/DATAREST-1152
CVE-2017-8046 Exploit https://github.com/m3ssap0/spring-break_cve-2017-8046
CVE-2017-8046 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
CVE-2017-8046 https://nvd.nist.gov/vuln/detail/CVE-2017-8046
CVE-2017-8046 https://pivotal.io/security/cve-2017-8046
GHSA-9qf9-28h9-hqcj https://github.com/advisories/GHSA-9qf9-28h9-hqcj
Data source Exploit-DB
Date added March 15, 2018
Description Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Ransomware campaign use Unknown
Source publication date March 15, 2018
Exploit type webapps
Platform java
Source update date March 16, 2018
Source URL https://github.com/m3ssap0/spring-break_cve-2017-8046
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:2405
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1553024
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-projects/spring-data-rest
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-projects/spring-data-rest/issues/1487
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/spring-projects/spring-data-rest/issues/1520
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://jira.spring.io/browse/DATAREST-1127?redirect=false
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-8046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://pivotal.io/security/cve-2017-8046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99895
EPSS Score 0.93978
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:20:07.013700+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.6.0