CVE-2018-1274

HIGH

Pivotal Software Spring Data Commons < 1.13.11 - Resource Allocation Without Limits

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-1274. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: This repository contains a partial snapshot of Spring Data Commons source code but lacks any exploit code or technical analysis related to CVE-2018-1274. It appears to be a placeholder or incomplete fork of the original project.

Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Exploits (2)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-1274-spring-data-commons-vulnerable

This repository contains a partial snapshot of Spring Data Commons source code but lacks any exploit code or technical analysis related to CVE-2018-1274. It appears to be a placeholder or incomplete fork of the original project.

Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Spring Data Commons
No auth needed
devstral-2 · analyzed Mar 14, 2026

nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-1274-spring-data-commons-vulnerable

This repository contains only a partial snapshot of the Spring Data Commons project, including annotations and basic infrastructure code, but lacks any exploit code or demonstration of CVE-2018-1274. It appears to be a placeholder or incomplete fork without functional PoC.

Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Spring Data Commons
No auth needed
Prerequisites: None identified
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103769
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-1274

Scores

CVSS v3 7.5
EPSS 0.0084
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-770
Status: published
Products (3)
org.springframework.data/spring-data-commons 0 - 1.13.11 (Maven)
pivotal_software/spring_data_commons < 1.13.11
pivotal_software/spring_data_rest 2.6 - 2.6.10
Published Apr 18, 2018
Tracked Since Feb 18, 2026