Lucene search
+L

4 matches found

OSV
OSV
added 2026/06/09 11:49 p.m.3 views

CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

5.3CVSS6AI score0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:49 p.m.10 views

CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

5.3CVSS5.6AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:49 p.m.32 views

CVE-2026-41837

CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...

5.3CVSS5.6AI score0.00191EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.9 views

cve-2026-41837 - MEDIUM - Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

cve-2026-41837 - MEDIUM - Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys...

5.3CVSS6.1AI score0.00191EPSS
Exploits0
Rows per page
Query Builder