org.springframework.data:spring-data-commons 2.0.0.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework.data:spring-data-commons package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Denial of Service (DoS) org.springframework.data:spring-data-commons is a part of the umbrella Spring Data project that provides shared infrastructure across the Spring Data projects. It contains technology neutral repository interfaces as well as a metadata model for persisting Java classes. Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. It contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption). How to fix Denial of Service (DoS)? Upgrade `org.springframework.data:spring-data-commons` to versions 1.13.11, 2.0.6 or higher.	[,1.13.11.RELEASE)[2.0.0.RELEASE,2.0.6.RELEASE)
C Arbitrary Code Execution org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Arbitrary Code Execution. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. How to fix Arbitrary Code Execution? Upgrade `org.springframework.data:spring-data-commons` to version 1.13.11.RELEASE, 2.0.6.RELEASE or higher.	[,1.13.11.RELEASE)[2.0.0.RELEASE,2.0.6.RELEASE)

Vulnerability

Vulnerable Version

Denial of Service (DoS)

org.springframework.data:spring-data-commons is a part of the umbrella Spring Data project that provides shared infrastructure across the Spring Data projects. It contains technology neutral repository interfaces as well as a metadata model for persisting Java classes.

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. It contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

How to fix Denial of Service (DoS)?

Upgrade org.springframework.data:spring-data-commons to versions 1.13.11, 2.0.6 or higher.

[,1.13.11.RELEASE)[2.0.0.RELEASE,2.0.6.RELEASE)

Arbitrary Code Execution

org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

How to fix Arbitrary Code Execution?

Upgrade org.springframework.data:spring-data-commons to version 1.13.11.RELEASE, 2.0.6.RELEASE or higher.

[,1.13.11.RELEASE)[2.0.0.RELEASE,2.0.6.RELEASE)

org.springframework.data:spring-data-commons@2.0.0.RELEASE vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?