CVE-2018-1274: Allocation of Resources Without Limits or Throttling

April 18, 2018 (updated May 14, 2024)

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

References

www.securityfocus.com/bid/103769
nvd.nist.gov/vuln/detail/CVE-2018-1274
pivotal.io/security/cve-2018-1274

Code Behaviors & Features

Detect and mitigate CVE-2018-1274 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →