Search criteria
2 vulnerabilities found for Pivotal Spring Data REST and Spring Boot by Pivotal
CVE-2017-8046 (GCVE-0-2017-8046)
Vulnerability from cvelistv5 – Published: 2018-01-04 06:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Severity ?
No CVSS data available.
CWE
- run arbitrary Java code
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Spring Data REST and Spring Boot |
Affected:
Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Spring Data REST and Spring Boot",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
}
]
}
],
"datePublic": "2018-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "run arbitrary Java code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-15T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44289/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Spring Data REST and Spring Boot",
"version": {
"version_data": [
{
"version_value": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "run arbitrary Java code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8046",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44289/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8046",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8046 (GCVE-0-2017-8046)
Vulnerability from nvd – Published: 2018-01-04 06:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Severity ?
No CVSS data available.
CWE
- run arbitrary Java code
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Spring Data REST and Spring Boot |
Affected:
Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Spring Data REST and Spring Boot",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
}
]
}
],
"datePublic": "2018-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "run arbitrary Java code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-15T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44289/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Spring Data REST and Spring Boot",
"version": {
"version_data": [
{
"version_value": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "run arbitrary Java code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-8046",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-8046"
},
{
"name": "RHSA-2018:2405",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2405"
},
{
"name": "100948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100948"
},
{
"name": "44289",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44289/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8046",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}