Exposure of Resource to Wrong Sphere in Spring Data REST

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

be.personify.iam:personify-api (>=1.2.6.RELEASE <=1.3.1.RELEASE), be.personify.iam:personify-frontend (>=1.2.6.RELEASE <=1.3.0.RELEASE) +58 more potentially affected by CVE-2021-22047 via org.springframework.data:spring-data-rest-core (>=3.5.0 <=3.5.5)

org.springframework.data:spring-data-rest-core MAVEN version =3.5.0, =1.2.6.RELEASE, =1.2.6.RELEASE, =1.2.5.RELEASE, =5.12.1, =5.12.0, =5.12.0, =5.12.0, =5.12.0, =2.1.0, =2.1.0, =2.1.0, =2.1.2 and more Source cves: CVE-2021-22047 Source advisory: OSV:GHSA-4926-QPXG-6R3W...

com.github.paulcwarren:content-rest-spring-boot-starter (=1.2.0), com.github.paulcwarren:spring-content-rest (=1.2.0) +18 more potentially affected by CVE-2021-22047 via org.springframework.data:spring-data-rest-core (>=3.4.0 <=3.4.13)

org.springframework.data:spring-data-rest-core MAVEN version =3.4.0, =1.5.0, =1.5.0, =1.5.0, =0.9.0, =0.3.0, =1.5.0, =2.4.0, =2.7.3, =2.7.3, =2.7.3, =2.7.3, =2.7.4 and more Source cves: CVE-2021-22047 Source advisory: OSV:GHSA-4926-QPXG-6R3Whttps://vulners.co...

GHSA-4926-QPXG-6R3W Exposure of Resource to Wrong Sphere in Spring Data REST

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

Remote code execution in PATCH requests in Spring Data REST

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 can use specially crafted JSON data to run arbitrary Java code...

am.ik.home:uaa-server (>=1.0.0 <=1.9.0), br.com.intelipost:sdk-java (>=0.0.1 <=0.0.8) +89 more potentially affected by CVE-2017-8046 via org.springframework.data:spring-data-rest-core (>=1.0.0.RELEASE <=2.6.8.RELEASE)

org.springframework.data:spring-data-rest-core MAVEN version =1.0.0.RELEASE, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =2.3.0-RELEASE, =0.0.6, =0.0.1, =0.0.1, =1.0.0, =1.0.1-SNAPSHOTS - com.github.zengfr.project:com.github.zengfr.project.common =0.0.1 - com.github.zengfr.project:com.github.zengfr.project.p...

GHSA-9QF9-28H9-HQCJ Remote code execution in PATCH requests in Spring Data REST

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 can use specially crafted JSON data to run arbitrary Java code...

com.github.paulcwarren:content-rest-spring-boot-starter (>=0.5.0 <=0.6.0), com.github.paulcwarren:spring-content-rest (>=0.5.0 <=0.6.0) +8 more potentially affected by CVE-2017-8046 via org.springframework.data:spring-data-rest-core (>=3.0.0.RELEASE <=3.0.14.RELEASE)

org.springframework.data:spring-data-rest-core MAVEN version =3.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =0.0.1-RELEASE, =1.0.7, =2.0.5.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.14.RELEASE Source cves: CVE-2017-8046 Source advisory: OSV:GHSA-9QF9-28H9-HQCJ...

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

Design/Logic Flaw

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

CVE-2021-22047

CVE-2021-22047 affects Spring Data REST: HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are exposed under URIs that may be accessible without authorization, depending on Spring Security configuration.impact is describe...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in Spring Data REST that stems from the additional disclosure of HTTP resources under the uri for custom controller...

Spring Data REST Installed

Binary data pivotalsoftwarespringdatarestinstalled.nbin...

VulnCheck KEV: CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure

XXE file disclosure in Pivotal Spring Data Commons / Spring Data REST Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

PT-2018-3847 · Spring · Spring Data Commons

Name of the Vulnerable Software and Affected Versions: Spring Data Commons versions prior to 1.13.10 Spring Data Commons versions 2.0 to 2.0.5 Spring Data Commons older unsupported versions Description: The issue is caused by improper neutralization of special elements, leading to a property bind...