CVE-2018-1273

CRITICAL · KEV · RANSOMWARE · NUCLEI

Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder

Title source: llm

Exploitation Summary

CVE-2018-1273 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022, with confirmed use in ransomware campaigns. EIP tracks 9 public exploits from researchers including jas502n, wearearima, and knqyf263. A Nuclei detection template is also available.

AI-analyzed exploit summary (for the jas502n PoC listed below): This repository contains a working proof-of-concept exploit for CVE-2018-1273, a remote code execution vulnerability in Spring Data Commons. The exploit leverages SpEL injection to execute arbitrary commands on the target system.

Description

Spring Data Commons versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote attacker can supply specially crafted request parameters against Spring Data REST backed HTTP resources, or use Spring Data's projection-based request payload binding, to achieve remote code execution.

Exploits (9)

nomisec · WORKING POC · 58 stars
by jas502n · remote
https://github.com/jas502n/cve-2018-1273

This repository contains a working proof-of-concept exploit for CVE-2018-1273, a remote code execution vulnerability in Spring Data Commons. The exploit leverages SpEL injection to execute arbitrary commands on the target system.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Spring Data Commons (versions prior to 1.13.10, 2.0.5, and older unsupported versions)
Authentication: No auth needed
Prerequisites: Target application must be using a vulnerable version of Spring Data Commons · Target endpoint must be exposed and accessible
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC · 24 stars
by wearearima · poc
https://github.com/wearearima/poc-cve-2018-1273

This repository contains a functional proof-of-concept for CVE-2018-1273, demonstrating a property binder vulnerability in Spring Data Commons that allows unauthenticated remote code execution via crafted request parameters.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Spring Data Commons (versions prior to 1.13.10, 2.0 to 2.0.5, and older unsupported versions)
Authentication: No auth needed
Prerequisites: A Spring Data REST application exposed to the internet or accessible network · Ability to send HTTP POST requests to the vulnerable endpoint
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC · 10 stars
by knqyf263 · remote
https://github.com/knqyf263/CVE-2018-1273

This repository provides a Dockerized environment to exploit CVE-2018-1273, a SpEL injection vulnerability in Spring Data Commons. The PoC demonstrates remote code execution (RCE) via crafted HTTP requests targeting the `/users/` endpoint.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Spring Data Commons (versions before 1.13.11, 2.0.6)
Authentication: No auth needed
Prerequisites: Docker · vulnerable Spring Data Commons application running
Analyzed by devstral-2 on Feb 16, 2026
github · WORKING POC · 5 stars
by JAckLosingHeart · javapoc
https://github.com/JAckLosingHeart/CVE-PoC-Collection/tree/main/spring-CVE-2018-1273

This repository contains a functional PoC for CVE-2018-1273, a Spring Data Commons vulnerability allowing unauthorized access to data via crafted requests. The vulnerable controller demonstrates the flaw by exposing an endpoint that processes unvalidated input.

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Spring Data Commons (versions before 1.13.11, 2.0.6)
Authentication: No auth needed
Prerequisites: Spring Boot application with vulnerable Spring Data Commons dependency
Analyzed by devstral-2 on Feb 27, 2026
nomisec · WORKING POC · 2 stars
by webr0ck · poc
https://github.com/webr0ck/poc-cve-2018-1273

This repository contains a functional proof-of-concept for CVE-2018-1273, a property binder vulnerability in Spring Data Commons. The exploit demonstrates remote code execution via crafted request parameters targeting Spring Data REST endpoints.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Spring Data Commons (versions prior to 1.13.10, 2.0.5)
Authentication: No auth needed
Prerequisites: Exposed Spring Data REST endpoint · Network access to the target
Analyzed by devstral-2 on Feb 16, 2026
nomisec · STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-1273-spring-data-commons-vulnerable

This repository contains a partial snapshot of Spring Data Commons source code but lacks any exploit code or technical analysis related to CVE-2018-1273. It appears to be a placeholder or incomplete fork.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Spring Data Commons
Authentication: No auth needed
Analyzed by devstral-2 on Mar 14, 2026
nomisec · STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-1273-spring-data-commons-vulnerable

This repository contains only the source code of Spring Data Commons, specifically the vulnerable version (dc85837) related to CVE-2018-1273. It lacks any exploit code, proof-of-concept, or technical analysis of the vulnerability itself.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Spring Data Commons (version dc85837)
Authentication: No auth needed
Prerequisites: Access to a vulnerable Spring Data Commons instance
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC
by hdgokani · remote
https://github.com/hdgokani/CVE-2018-1273

This repository contains a functional proof-of-concept for CVE-2018-1273, demonstrating a property binder vulnerability in Spring Data Commons that allows remote code execution via crafted request parameters. The PoC includes a vulnerable Spring Boot application and curl commands to exploit it.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Spring Data Commons (versions prior to 1.13.10, 2.0.5, and older unsupported versions)
Authentication: No auth needed
Prerequisites: A vulnerable Spring Data Commons application with exposed endpoints
Analyzed by devstral-2 on Feb 16, 2026
nomisec · STUB
by cved-sources · poc
https://github.com/cved-sources/cve-2018-1273

This repository contains a minimal script to run a vulnerable Spring Data REST application in a loop, but lacks actual exploit code or details. It is part of a vulnerable container management tool (Cved).

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Spring Data REST (version not specified)
Authentication: No auth needed
Prerequisites: Docker environment · Vulnerable Spring Data REST application
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Spring Data Commons - Remote Code Execution
CRITICAL · by dwisiswant0

Scores

CVSS v3: 9.8
EPSS: 0.9429
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV: 2022-03-25
VulnCheck KEV: 2019-01-08
InTheWild.io: 2019-03-13
ENISA EUVD: EUVD-2018-0500
Ransomware Use: Confirmed
CWE: CWE-94
Status: published

Products (7)
apache/ignite 1.0.0 (2 CPE variants)
apache/ignite 1.0.1 - 2.5.0
oracle/financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle/financial_services_crime_and_compliance_management_studio 8.0.8.3.0
org.springframework.data/spring-data-commons 1.13.0 - 1.13.11 (Maven)
pivotal_software/spring_data_commons < 1.12.10
pivotal_software/spring_data_rest < 2.5.10

Published: Apr 11, 2018
KEV Added: Mar 25, 2022
Tracked Since: Feb 18, 2026