Vulnerabilities > Pivotal Software > Spring Data Rest > 2.6

DATE CVE VULNERABILITY TITLE RISK
2018-04-18 CVE-2018-1274 Allocation of Resources Without Limits or Throttling vulnerability in Pivotal Software Spring Data Commons and Spring Data Rest
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation.
network
low complexity
pivotal-software CWE-770
7.5
2018-01-04 CVE-2017-8046 Improper Input Validation vulnerability in multiple products
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
network
low complexity
vmware pivotal-software CWE-20
critical
9.8