Vulnerabilities > Pivotal Software > Spring Data Rest > 3.0.5

DATE CVE VULNERABILITY TITLE RISK
2018-05-11 CVE-2018-1259 XXE vulnerability in multiple products
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion.
network
low complexity
pivotal-software xmlbeam CWE-611
5.0
5.0
2018-04-18 CVE-2018-1274 Allocation of Resources Without Limits or Throttling vulnerability in Pivotal Software Spring Data Commons and Spring Data Rest
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation.
network
low complexity
pivotal-software CWE-770
5.0
5.0
2018-04-11 CVE-2018-1273 Improper Input Validation vulnerability in multiple products
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements.
network
low complexity
pivotal-software apache CWE-20
7.5
7.5