Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-1273
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pivotal Software Spring Data Commons和Pivotal Software Spring Data REST都是美国Pivotal Software公司的产品。Pivotal Software Spring Data Commons是一款数据共享接口。Pivotal Software Spring Data REST是一款能够在Spring Data之上构建超媒体驱动的REST Web服务的产品。 Pivotal Software Spring Data Commons和S
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Spring by PivotalSpring Framework Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions -
II. Public POCs for CVE-2018-1273
#POC DescriptionSource LinkShenlong Link
1Environment for CVE-2018-1273 (Spring Data Commons)https://github.com/knqyf263/CVE-2018-1273POC Details
2POC for CVE-2018-1273https://github.com/wearearima/poc-cve-2018-1273POC Details
3Nonehttps://github.com/webr0ck/poc-cve-2018-1273POC Details
4cve-2018-1273https://github.com/cved-sources/cve-2018-1273POC Details
5Spring Data Commons RCE 远程命令执行漏洞https://github.com/jas502n/cve-2018-1273POC Details
6Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-1273.yamlPOC Details
7Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Data%20Commons%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2018-1273.mdPOC Details
8https://github.com/vulhub/vulhub/blob/master/spring/CVE-2018-1273/README.mdPOC Details
9Nonehttps://github.com/hdgokani/CVE-2018-1273POC Details
10Nonehttps://github.com/andikahilmy/CVE-2018-1273-spring-data-commons-vulnerablePOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2018-1273
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Spring Framework
Same vendor: Spring by Pivotal
Same weakness: CWE-94
V. Comments for CVE-2018-1273

No comments yet

Leave a comment