org.springframework.data:spring-data-commons@1.13.5.RELEASE vulnerabilities

  • latest version: 3.4.1

  • latest non vulnerable version

  • first published: 11 years ago

  • latest version published: 9 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.data:spring-data-commons package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability list (columns: Vulnerability, Vulnerable Version)

    • Severity H (High): Denial of Service (DoS)

    org.springframework.data:spring-data-commons is a part of the umbrella Spring Data project that provides shared infrastructure across the Spring Data projects. It contains technology neutral repository interfaces as well as a metadata model for persisting Java classes.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. It contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

    How to fix Denial of Service (DoS)?

    Upgrade org.springframework.data:spring-data-commons to versions 1.13.11, 2.0.6 or higher.

    Vulnerable versions: [,1.13.11.RELEASE), [2.0.0.RELEASE,2.0.6.RELEASE)

    • Severity C (Critical): Arbitrary Code Execution

    org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.

    Affected versions of this package are vulnerable to Arbitrary Code Execution. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST-backed HTTP resources, or via Spring Data's projection-based request payload binding, which can lead to a remote code execution attack.

    How to fix Arbitrary Code Execution?

    Upgrade org.springframework.data:spring-data-commons to version 1.13.11.RELEASE, 2.0.6.RELEASE or higher.

    Vulnerable versions: [,1.13.11.RELEASE), [2.0.0.RELEASE,2.0.6.RELEASE)