Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Remediation
References
http://www.securityfocus.com/bid/103769
https://pivotal.io/security/cve-2018-1274
https://www.oracle.com/security-alerts/cpujul2022.html
Related Vulnerabilities
CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-jaas
CVE-2012-0391 Vulnerability in maven package com.opensymphony:xwork-core
CVE-2023-27899 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-7747 Vulnerability in npm package lightning-server
CVE-2022-24898 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml