CRITICAL🇵🇱 Wersja polska

CVE-2017-8046

CVSS 9.8v3.0pub. 2018-01-04upd. 2026-06-26

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pivotal Software Spring Data Rest

    APP
    Pivotal Software
    3.0.0
  • VMware Spring Boot

    APP
    Vmware
    2.0.0< 1.5.9
  • VMware Spring Data Rest

    APP
    Vmware
    3.0.0< 2.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-1273CRITICAL9.8⚠ KEVten sam produkt

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt

VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp

CVE-2023-44794CRITICAL9.8ten sam produkt

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...

CVE-2023-20873CRITICAL9.8ten sam produkt

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is ...

CVE-2021-26987CRITICAL9.8ten sam produkt

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...