CRITICAL🇬🇧 English

CVE-2017-8046

CVSS 9.8v3.0pub. 2018-01-04upd. 2026-06-26

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Spring Data Rest

    APP
    Pivotal Software
    3.0.0
  • VMware Spring Boot

    APP
    Vmware
    2.0.0< 1.5.9
  • VMware Spring Data Rest

    APP
    Vmware
    3.0.0< 2.6.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-1273CRITICAL9.8⚠ KEVten sam produkt

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt

VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp

CVE-2023-44794CRITICAL9.8ten sam produkt

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...

CVE-2023-20873CRITICAL9.8ten sam produkt

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is ...

CVE-2021-26987CRITICAL9.8ten sam produkt

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...

CVE-2017-8046 — CRITICAL 9.8 | CVEbaza.pl