CVE-2017-8046

State: PUBLISHED · Published: 2018-01-04 · Updated: 2024-08-05 · Assigner: dell

Description

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

CWE

(none)

Affected

Pivotal / Pivotal Spring Data REST and Spring Boot — v=Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 [affected]

CVSS

(none)

References

https://pivotal.io/security/cve-2017-8046 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2405 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/100948 vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/44289/ exploit, x_refsource_EXPLOIT-DB

Source

cvelistV5-main/cves/2017/8xxx/CVE-2017-8046.json