Vulnerabilities > Pivotal Software > Spring Data Rest > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-11 | CVE-2018-1259 | XXE vulnerability in multiple products Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. | 5.0 |
| 2018-04-18 | CVE-2018-1274 | Allocation of Resources Without Limits or Throttling vulnerability in Pivotal Software Spring Data Commons and Spring Data Rest Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. | 5.0 |