
Xmlbeam

xmlbeam

1 CVE • 1 product

Products (1)

Xmlbeam
xmlbeam

CVEs (1)

Vendors (2): Pivotal Software, Xmlbeam
Products (3): Spring Data Commons, Spring Data Rest, Xmlbeam
Updated: Nov 21, 2024
Published: May 11, 2018
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.