Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Remediation
References
http://www.securityfocus.com/bid/103769
https://pivotal.io/security/cve-2018-1274
https://www.oracle.com/security-alerts/cpujul2022.html
Related Vulnerabilities
CVE-2020-8158 Vulnerability in npm package typeorm
CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache
CVE-2017-11341 Vulnerability in npm package node-sass
CVE-2018-3737 Vulnerability in maven package org.webjars.npm:sshpk
CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass