admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2018-1273

Browse Source
This commit is contained in:
tardc 2020-11-06 22:08:11 +08:00
parent c781c5a349
commit e7be49c084
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Spring/CVE-2018-1273/CVE-2018-1273.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 442 KiB

11
Spring/CVE-2018-1273/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2018-1273 Spring Data Commons RCE
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
**Affected Version**: Spring Data Commons 1.13 - 1.13.10, 2.0 - 2.0.5, older unsupported versions
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJTcHJpbmdCb290Ig%3D%3D) query rule**: app="SpringBoot"
# Demo
![](CVE-2018-1273.gif)