CVE-2017-8046
CRITICAL 9.8 | EPSS 94.0%
Remote code execution in PATCH requests in Spring Data REST
Published: 2022/5/13 | Modified: 2023/11/8
Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9) or versions prior to 3.0.1 (Kay SR1) can use specially crafted JSON data to run arbitrary Java code.
Affected packages (1)
- Maven/org.springframework.data:spring-data-rest-core from 0, < 2.6.9.RELEASE
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-8046
- PATCH https://github.com/spring-projects/spring-data-rest
- WEB https://access.redhat.com/errata/RHSA-2018:2405
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1553024
- WEB https://github.com/spring-projects/spring-data-rest/issues/1487
- WEB https://github.com/spring-projects/spring-data-rest/issues/1520
- WEB https://jira.spring.io/browse/DATAREST-1127?redirect=false
- WEB https://pivotal.io/security/cve-2017-8046