Lucene search
Redhat.comRH:CVE-2018-1259HistoryMay 16, 2018 - 3:19 p.m.
CVE-2018-1259
2018-05-1615:19:19
redhat.com
access.redhat.com
21
0.004 Low
EPSS
Percentile
72.6%
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data’s projection-based request payload binding to access arbitrary files on the system.
Related
nvd
nvd
CVE-2018-1259
2018-05-11 20:29:00
f5
f5
K27053426 : Spring data XML vulnerability CVE-2018-1259
2018-05-29 00:00:00
cvelist
cvelist
CVE-2018-1259
2018-05-09 00:00:00
osv
osv
prion
prion
Xxe
2018-05-11 20:29:00
github
github
veracode
veracode
XML External Entity (XXE)
2018-05-10 08:08:53
dsquare
dsquare
Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
2018-07-27 00:00:00
cve
cve
CVE-2018-1259
2018-05-11 20:29:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00