Date: Tue, 26 Jun 2018 22:33:32 +0300
From: James Sirota <jsirota@...che.org>
To: oss-security@...ts.openwall.com,
	security@...ron.apache.org,
	james sirota <jsirota@...tonworks.com>,
	dev <dev@...ron.apache.org>
Subject: CVE-2018-1273 fixed in Metron 0.5.0


The following CVE was fixed in Metron 0.5.0:

[CVEID]: CVE-2018-1273
[PRODUCT]: Spring Data Commons
[VERSION]: versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
[PROBLEMTYPE]: remote code execution attack
[REFERENCES]: https://pivotal.io/security/cve-2018-1273
[DESCRIPTION]:

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data’s projection-based request payload binding that can lead to a remote code execution attack.
