3 matches found
CVE-2026-41728 Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...
CVE-2026-41728
Spring Data REST is affected by CVE-2026-41728 due to its JSON Patch (application/json-patch+json) handling not applying the write-access filter to intermediate path segments when resolving multi-segment JSON Pointers. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4...
PT-2026-48324
Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...