Maven package
org.springframework.data/spring-data-rest-core
pkg:maven/org.springframework.data/spring-data-rest-core
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31679 | — | >= 3.6.0, < 3.6.7 | 3.6.7 | Sep 21, 2022 | Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden en | ||
| CVE-2021-22047 | — | >= 3.4.0, < 3.4.14 | 3.4.14 | Oct 28, 2021 | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be ex | ||
| CVE-2017-8046 | — | < 2.6.9.RELEASE | 2.6.9.RELEASE | Jan 4, 2018 | Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. |
- CVE-2022-31679Sep 21, 2022affected >= 3.6.0, < 3.6.7fixed 3.6.7
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden en
- CVE-2021-22047Oct 28, 2021affected >= 3.4.0, < 3.4.14fixed 3.4.14
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be ex
- CVE-2017-8046Jan 4, 2018affected < 2.6.9.RELEASEfixed 2.6.9.RELEASE
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.