Lucene search
PRIOn knowledge basePRION:CVE-2022-31679HistorySep 21, 2022 - 6:15 p.m.
Code injection
2022-09-2118:15:00
PRIOn knowledge base
www.prio-n.com
1
code injection
http patch
spring data rest
attacker
hidden entity attributes
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring_data_rest | ge | 3.7.0 | |
| spring_data_rest | lt | 3.7.3 | |
| spring_data_rest | ge | 3.6.0 | |
| spring_data_rest | lt | 3.6.7 |
References
Related
github
github
Spring Data REST can expose hidden entity attributes
2022-09-22 00:00:24
cvelist
cvelist
CVE-2022-31679
2022-09-21 17:42:42
nvd
nvd
CVE-2022-31679
2022-09-21 18:15:10
veracode
veracode
Information Disclosure
2022-09-23 09:23:35
cve
cve
CVE-2022-31679
2022-09-21 18:15:10
spring
spring
This Week in Spring - September 20th, 2022
2022-09-20 07:00:00
Spring Data REST Vulnerability (CVE-2022-31679)
2022-09-19 15:49:00
osv
osv
Spring Data REST can expose hidden entity attributes
2022-09-22 00:00:24
