GHSA-fv7x-v67w-cvqv: Spring Data REST can expose hidden entity attributes

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.6, 3.7.0 - 3.7.2, and older unsupported versions are affected: an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.


Package: org.springframework.data:spring-data-rest-core (Maven)

Affected versions: >= 3.6.0, < 3.6.7; >= 3.7.0, < 3.7.3

Patched versions: 3.6.7; 3.7.3
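To check a build against the ranges above, the following added example (not part of the advisory or of Spring's own tooling) scans `mvn dependency:list` output for the listed package and classifies its version. The sample output is constructed, and the function names `classify` and `scan` are hypothetical.

```python
import re

ARTIFACT = ("org.springframework.data", "spring-data-rest-core")
# (first affected, first patched) pairs, as listed in the advisory
AFFECTED = [((3, 6, 0), (3, 6, 7)), ((3, 7, 0), (3, 7, 3))]

# Constructed sample of `mvn dependency:list` output, not from a real build
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.data:spring-data-rest-webmvc:jar:3.7.2:compile
[INFO]    org.springframework.data:spring-data-rest-core:jar:3.7.2:compile
[INFO]    org.springframework.data:spring-data-commons:jar:2.7.2:compile
"""


def classify(version):
    """Map a version string to 'affected', 'unsupported', 'patched' or 'unknown'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"  # non-numeric version: needs manual review
    # Qualifiers (-RC1, .RELEASE) are ignored, so a pre-release counts as its base version
    v = tuple(int(x) for x in m.groups())
    if any(lo <= v < fixed for lo, fixed in AFFECTED):
        return "affected"
    if v < AFFECTED[0][0]:
        return "unsupported"  # the advisory also names older unsupported versions
    return "patched"  # at or above a patched version, outside the listed ranges


def scan(dependency_list):
    """Return [(version, status)] for every spring-data-rest-core entry found."""
    findings = []
    for line in dependency_list.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens or tokens[0].count(":") < 4:
            continue  # header or non-dependency line
        # Coordinate layout: group:artifact:type[:classifier]:version:scope
        fields = tokens[0].split(":")
        if (fields[0], fields[1]) == ARTIFACT:
            findings.append((fields[-2], classify(fields[-2])))
    return findings


if __name__ == "__main__":
    for version, status in scan(SAMPLE):
        print(f"spring-data-rest-core {version}: {status}")
```

The core artifact usually arrives transitively, so run the scan on the fully resolved dependency list rather than on the declared dependencies in `pom.xml`.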

Related news

CVE-2022-31679: CVE-2022-31679 | Security

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions are affected: an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.