CVE-2018-1274

HIGH

CVSS v3.1: 7.5 · EPSS: 0.0197 (77.9 percentile)

NetworkNo privilegesNo user interactionResource Exhaustion

Source data as of:

At a glance

Severity
HIGH
CVSS
7.5 v3.1 · NVD
EPSS
0.0197 (77.9 percentile) · FIRST.org
CISA KEV
No
Type
Resource Exhaustion · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors
broadcom, pivotal_software, vmware
Published
2018-04-18 · Modified: 2026-06-26
References
Jump to references (3)

CVSS / EPSS / KEV

CVSS v3.1 7.5 / 10 HIGH Source: NVD
EPSS 0.0197 77.9 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Record details

CVE ID
CVE-2018-1274
CVSS (v3.1)
7.5 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability subscore
3.9
Impact subscore
3.6
EPSS
0.0197 (77.9 percentile) — 2026-06-27
CISA KEV
No
Weakness (CWE)
CWE-770
Affected vendors
broadcom, pivotal_software, vmware
Affected configurations (CPE)
4
Published
2018-04-18
Modified
2026-06-26
Status
Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same affected vendor

CVE-2018-1273 CRITICAL CVSS 9.8 KEV CVE-2018-1259 HIGH CVSS 7.5 CVE-2017-8046 CRITICAL CVSS 9.8 CVE-2026-41840 MEDIUM CVSS 5.9

Same weakness type (CWE)

CVE-2026-54273 HIGH CVSS 7.5 CVE-2026-54274 HIGH CVSS 7.5 CVE-2026-54283 HIGH CVSS 7.5 CVE-2026-54448 MEDIUM CVSS 6.5

Published the same year

CVE-2018-1273 CRITICAL CVSS 9.8 KEV CVE-2018-1259 HIGH CVSS 7.5
← Back to all records