Lucene search
GoogleOSV:GHSA-M929-7FR6-CVJGHistoryOct 17, 2018 - 5:23 p.m.
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
2018-10-1717:23:36
Google
osv.dev
13
0.004 Low
EPSS
Percentile
72.6%
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data’s projection-based request payload binding to access arbitrary files on the system.
Related
f5
f5
K27053426 : Spring data XML vulnerability CVE-2018-1259
2018-05-29 00:00:00
cvelist
cvelist
CVE-2018-1259
2018-05-09 00:00:00
osv
osv
CVE-2018-1259
2018-05-11 20:29:00
prion
prion
Xxe
2018-05-11 20:29:00
nvd
nvd
CVE-2018-1259
2018-05-11 20:29:00
redhatcve
redhatcve
CVE-2018-1259
2018-05-16 15:19:19
github
github
veracode
veracode
XML External Entity (XXE)
2018-05-10 08:08:53
dsquare
dsquare
Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
2018-07-27 00:00:00
cve
cve
CVE-2018-1259
2018-05-11 20:29:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00