Vulnerabilites related to Pivotal - Pivotal Spring Data REST and Spring Boot
CVE-2017-8046 (GCVE-0-2017-8046)
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- run arbitrary Java code
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Pivotal | Pivotal Spring Data REST and Spring Boot |
Version: Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44289/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pivotal Spring Data REST and Spring Boot", "vendor": "Pivotal", "versions": [ { "status": "affected", "version": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6" } ] } ], "datePublic": "2018-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code." } ], "problemTypes": [ { "descriptions": [ { "description": "run arbitrary Java code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-15T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44289/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pivotal Spring Data REST and Spring Boot", "version": { "version_data": [ { "version_value": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6" } ] } } ] }, "vendor_name": "Pivotal" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "run arbitrary Java code" } ] } ] }, "references": { "reference_data": [ { "name": "https://pivotal.io/security/cve-2017-8046", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44289/" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8046", "datePublished": "2018-01-04T06:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }