Description
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
Remediation
References
http://www.securityfocus.com/bid/103769
https://pivotal.io/security/cve-2018-1274
https://www.oracle.com/security-alerts/cpujul2022.html
Related Vulnerabilities
CVE-2020-7717 Vulnerability in npm package dot-notes
CVE-2023-34617 Vulnerability in maven package com.owlike:genson
CVE-2020-13946 Vulnerability in maven package org.apache.cassandra:cassandra-all
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-flink-table
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:tomcat-jasper