cnvd - cnvd-2018-07566

cnvd-2018-07566

Vulnerability from cnvd

Title: Spring Data Commons远程代码执行漏洞

Description:

Spring Data是Spring框架中提供底层数据访问的项目模块，Spring Data Commons是一个共用的基础模块。

Spring Data Commons存在远程代码执行漏洞。该是由于Spring Data Commons模块对特殊属性处理时会使用SpEl表达式，导致攻击者可以通过构造特殊的URL请求，造成服务端远程代码执行。

Severity: 高

Patch Name: Spring Data Commons远程代码执行漏洞的补丁

Patch Description:

Spring Data是Spring框架中提供底层数据访问的项目模块，Spring Data Commons是一个共用的基础模块。

Spring Data Commons存在远程代码执行漏洞。该是由于Spring Data Commons模块对特殊属性处理时会使用SpEl表达式，导致攻击者可以通过构造特殊的URL请求，造成服务端远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://pivotal.io/security/cve-2018-1273

Reference: https://pivotal.io/security/cve-2018-1273 https://www.anquanke.com/post/id/104401

Impacted products

Name
['Pivotal Software Spring Data Commons >=1.13，<=1.13.10 (Ingalls SR10)', 'Pivotal Software Spring Data Commons >=2.0，<=2.0.5 (Kay SR5)', 'Pivotal Software Spring Data REST >=2.6，<=2.6.10 (Ingalls SR10)', 'Pivotal Software Spring Data REST >=3.0，<=3.0.5 (Kay SR5)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1273"
    }
  },
  "description": "Spring Data\u662fSpring\u6846\u67b6\u4e2d\u63d0\u4f9b\u5e95\u5c42\u6570\u636e\u8bbf\u95ee\u7684\u9879\u76ee\u6a21\u5757\uff0cSpring Data Commons\u662f\u4e00\u4e2a\u5171\u7528\u7684\u57fa\u7840\u6a21\u5757\u3002\r\n\r\nSpring Data Commons\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u662f\u7531\u4e8eSpring Data Commons\u6a21\u5757\u5bf9\u7279\u6b8a\u5c5e\u6027\u5904\u7406\u65f6\u4f1a\u4f7f\u7528SpEl\u8868\u8fbe\u5f0f\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u6784\u9020\u7279\u6b8a\u7684URL\u8bf7\u6c42\uff0c\u9020\u6210\u670d\u52a1\u7aef\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Philippe Arteau, GoSecure Inc.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://pivotal.io/security/cve-2018-1273",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07566",
  "openTime": "2018-04-12",
  "patchDescription": "Spring Data\u662fSpring\u6846\u67b6\u4e2d\u63d0\u4f9b\u5e95\u5c42\u6570\u636e\u8bbf\u95ee\u7684\u9879\u76ee\u6a21\u5757\uff0cSpring Data Commons\u662f\u4e00\u4e2a\u5171\u7528\u7684\u57fa\u7840\u6a21\u5757\u3002\r\n\r\nSpring Data Commons\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u662f\u7531\u4e8eSpring Data Commons\u6a21\u5757\u5bf9\u7279\u6b8a\u5c5e\u6027\u5904\u7406\u65f6\u4f1a\u4f7f\u7528SpEl\u8868\u8fbe\u5f0f\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u6784\u9020\u7279\u6b8a\u7684URL\u8bf7\u6c42\uff0c\u9020\u6210\u670d\u52a1\u7aef\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spring Data Commons\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Spring Data Commons \u003e=1.13\uff0c\u003c=1.13.10 (Ingalls SR10)",
      "Pivotal Software Spring Data Commons \u003e=2.0\uff0c\u003c=2.0.5 (Kay SR5)",
      "Pivotal Software Spring Data REST \u003e=2.6\uff0c\u003c=2.6.10 (Ingalls SR10)",
      "Pivotal Software Spring Data REST \u003e=3.0\uff0c\u003c=3.0.5 (Kay SR5)"
    ]
  },
  "referenceLink": "https://pivotal.io/security/cve-2018-1273\r\nhttps://www.anquanke.com/post/id/104401",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-12",
  "title": "Spring Data Commons\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-1273 (GCVE-0-2018-1273)

Vulnerability from cvelistv5

Published

2018-04-11 13:00

Modified

2025-07-30 01:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - - Code Injection

Summary

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

References

▼	URL	Tags
	http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
	https://pivotal.io/security/cve-2018-1273	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Spring by Pivotal	Spring Framework	Version: Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[ignite-dev] 20180719 [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1273"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-1273",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:41:40.372134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:16.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00+00:00",
            "value": "CVE-2018-1273 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data\u0027s projection-based request payload binding hat can lead to a remote code execution attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 - Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T17:58:04.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "[ignite-dev] 20180719 [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1273"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-10T00:00:00",
          "ID": "CVE-2018-1273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data\u0027s projection-based request payload binding hat can lead to a remote code execution attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94 - Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[ignite-dev] 20180719 [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1273",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1273"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1273",
    "datePublished": "2018-04-11T13:00:00.000Z",
    "dateReserved": "2017-12-06T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:16.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted