CVE•Published 2018-04-11•Modified 2026-06-26•1 article on news•6 live references•NVD data
CVE-2018-1273Broadcom · Spring_data_commons
Vulnerability data via NVD (ingested)
CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
100
Exploit Prediction Scoring System · top 0% of all CVEs
Weaknesses (CWE)
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Timeline
Published 2018-04-11
Modified 2026-06-26
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2018-1273Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Broadcom Spring Data Commons"All exposed Broadcom Spring Data Commons instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Spring Data Commons"HTTP body or banner mentions "Spring Data Commons" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2018-1273Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2018-1273Censys host search filtered to this CVE id.
grep.app
CVE-2018-1273Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2018-1273GitHub code search for direct mentions.
Google dork
"CVE-2018-1273" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (6)
CVE-2018-12736 repos
Threekiii/Awesome-POCJava
一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.
AabyssZG/SpringBoot-ScanPython
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
SexyBeast233/SecBooksHTML
安全类各家文库大乱斗
aluxnimm/outlookcaldavsynchronizerC#
Sync Outlook with Google, SOGo, Nextcloud or any other CalDAV/CardDAV server
superiorlu/AITreasureBoxRuby
🤖 Automatically collected AI repos, tools, websites, papers & tutorials. 实用AI百宝箱 💎
ilmila/J2EEScanJava
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.