CVE-2018-1273
KEV · ransomware · Critical · CVSS 9.8
Spring Data Commons — SpEL injection / remote code execution via property binder
- CVSS: 9.8 (nvd)
- EPSS: —
- KEV: Listed (ransomware)
- Class: oss containerizable
- CWE: CWE-94, NVD-CWE-Other
Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
Search profile — drives PoC discovery
Symbols: MapDataBinder, ProjectingMethodInterceptor, ProxyProjectionFactory, MapPropertyAccessor, SpelExpression, spelExpressionParser, EvaluationContext, StandardEvaluationContext, RepositoryPropertyAccessor, projection-based request payload binding, Spring Data REST
Keywords: CVE-2018-1273, Spring Data Commons RCE, Spring Data REST property binder exploit, SpEL injection Spring Data, Spring Data Commons PoC, MapDataBinder exploit, Spring Data Commons 1.13, Spring Data Commons 2.0, projection binding RCE, Spring Data REST unauthenticated RCE
Versions: 1.13.0 to 1.13.9, 2.0.0 to 2.0.4 (and older unsupported versions)
Candidate PoCs (81) — discovered, not yet vetted or ranked
- jas502n/cve-2018-1273 (★ 58, nomi_sec)
- wearearima/poc-cve-2018-1273 (★ 24, nomi_sec)
- knqyf263/CVE-2018-1273 (★ 10, nomi_sec)
- webr0ck/poc-cve-2018-1273 (★ 2, nomi_sec)
- 0day666/Vulnerability-verification (★ 0, trickest)
- 0xT11/CVE-POC (★ 0, trickest)
- 20142995/Goby (★ 0, trickest)
- 20142995/nuclei-templates (★ 0, trickest)
- 20142995/pocsuite (★ 0, trickest)
- 20142995/pocsuite3 (★ 0, trickest)
- 20142995/sectool (★ 0, trickest)
- 2lambda123/SBSCAN (★ 0, trickest)
- ARPSyndicate/cve-scores (★ 0, trickest)
- ARPSyndicate/cvemon (★ 0, trickest)
- ARPSyndicate/kenzer-templates (★ 0, trickest)
- AabyssZG/SpringBoot-Scan (★ 0, trickest)
- Agilevatester/SpringSecurity (★ 0, trickest)
- Agilevatester/SpringSecurityV1 (★ 0, trickest)
- CLincat/vulcat (★ 0, trickest)
- Elsfa7-110/kenzer-templates (★ 0, trickest)
- HackJava/HackSpring (★ 0, trickest)
- HackJava/Spring (★ 0, trickest)
- HimmelAward/Goby_POC (★ 0, trickest)
- Ljw1114/SpringFramework-Vul (★ 0, trickest)
- NorthShad0w/FINAL (★ 0, trickest)
- NyxAzrael/Goby_POC (★ 0, trickest)
- Ostorlab/KEV (★ 0, trickest)
- ★ 0
- PuddinCat/GithubRepoSpider (★ 0, trickest)
- Secxt/FINAL (★ 0, trickest)
- SexyBeast233/SecBooks (★ 0, trickest)
- SugarP1g/LearningSecurity (★ 0, trickest)
- Threekiii/Awesome-POC (★ 0, trickest)
- Threekiii/Vulhub-Reproduce (★ 0, trickest)
- Tim1995/FINAL (★ 0, trickest)
- Whoopsunix/PPPVULNS (★ 0, trickest)
- WuliRuler/SBSCAN (★ 0, trickest)
- XTeam-Wing/RedTeaming2020 (★ 0, trickest)
- XiaomingX/awesome-poc-for-red-team (★ 0, trickest)
- Xx-otaku/SpringScan (★ 0, trickest)
- Z0fhack/Goby_POC (★ 0, trickest)
- Zero094/Vulnerability-verification (★ 0, trickest)
- asa1997/topgear_test (★ 0, trickest)
- ax1sX/SpringSecurity (★ 0, trickest)
- bakery312/Vulhub-Reproduce (★ 0, trickest)
- bkhablenko/CVE-2017-8046 (★ 0, trickest)
- cved-sources/cve-2018-1273 (★ 0, nomi_sec)
- developer3000S/PoC-in-GitHub (★ 0, trickest)
- hdgokani/CVE-2018-1273 (★ 0, nomi_sec)
- hectorgie/PoC-in-GitHub (★ 0, trickest)
- hktalent/bug-bounty (★ 0, trickest)
- huimzjty/vulwiki (★ 0, trickest)
- ilmari666/cybsec (★ 0, trickest)
- ilmila/J2EEScan (★ 0, trickest)
- j5s/HacLang (★ 0, trickest)
- j5s/HacLang-1 (★ 0, trickest)
- jiangsir404/POC-S (★ 0, trickest)
- just0rg/Security-Interview (★ 0, trickest)
- langu-xyz/JavaVulnMap (★ 0, trickest)
- lnick2023/nicenice (★ 0, trickest)
- merlinepedra/nuclei-templates (★ 0, trickest)
- merlinepedra25/nuclei-templates (★ 0, trickest)
- ★ 0
- nBp1Ng/SpringFramework-Vul (★ 0, trickest)
- onewinner/VulToolsKit (★ 0, trickest)
- plzheheplztrying/cve_monitor (★ 0, trickest)
- qazbnm456/awesome-cve-poc (★ 0, trickest)
- qiuluo-oss/Tiger (★ 0, trickest)
- ronoski/j2ee-rscan (★ 0, trickest)
- seal-community/patches (★ 0, trickest)
- snowlovely/HacLang (★ 0, trickest)
- sobinge/nuclei-templates (★ 0, trickest)
- sspsec/Scan-Spring-GO (★ 0, trickest)
- sule01u/SBSCAN (★ 0, trickest)
- superlink996/chunqiuyunjingbachang (★ 0, trickest)
- tomoyamachi/gocarts (★ 0, trickest)
- whoadmin/pocs (★ 0, trickest)
- xbl3/awesome-cve-poc_qazbnm456 (★ 0, trickest)
- zhengjim/loophole (★ 0, trickest)
- zisigui123123s/FINAL (★ 0, trickest)
- zjr-g/SpringDetector (★ 0, trickest)
Recall-favoring discovery (sources: nomi-sec + trickest). Vetting and ranking are done by the Stage-4 scorer.
References
- http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
- https://pivotal.io/security/cve-2018-1273
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273
Status: enriched · ingested 2026-06-16T00:00:58.000Z · profiled 2026-06-16T18:19:23.017Z