Lucene search
K
VmwareSpring Data Rest

10 matches found

CVE
CVE
added 2018/04/11 1:0 p.m.1168 views

CVE-2018-1273

CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...

9.8CVSS9.6AI score0.95649EPSS
In wildWeb
CVE
CVE
added 2018/01/04 6:0 a.m.264 views

CVE-2017-8046

CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...

9.8CVSS9.2AI score0.74355EPSS
In wildWeb
CVE
CVE
added 2018/05/11 8:0 p.m.136 views

CVE-2018-1259

CVE-2018-1259 involves Spring Data Commons (versions 1.13 before 1.13.12 and 2.0 before 2.0.7) used with XMLBeam 1.4.14 or earlier. The vulnerability is due to improper restriction of XML external entity references, causing an XMLBeam-based property binder to be vulnerable to an XXE attack. An un...

7.5CVSS7.5AI score0.0497EPSS
CVE
CVE
added 2018/04/18 4:0 p.m.118 views

CVE-2018-1274

Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. Affected versions are 1.13 to 1.13.10 and 2.0 to 2.0.5 (and older unsupported versions). An unauthenticated remote attacker can issue requests against Spring Data REST endpoints or endpoints...

7.5CVSS7.4AI score0.01969EPSS
CVE
CVE
added 2021/10/28 3:21 p.m.112 views

CVE-2021-22047

CVE-2021-22047 affects Spring Data REST: HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are exposed under URIs that may be accessible without authorization, depending on Spring Security configuration.impact is describe...

5.3CVSS5.6AI score0.00746EPSS
CVE
CVE
added 2022/09/21 5:42 p.m.86 views

CVE-2022-31679

CVE-2022-31679 affects VMware Spring Data REST. The issue allows an attacker who knows the domain model to craft HTTP PATCH requests that expose hidden entity attributes. Affected versions include Spring Data REST 3.5.5 and older, 3.6.0–3.6.6, and 3.7.0–3.7.2. The central root cause is improper h...

3.7CVSS4AI score0.00467EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.38 views

CVE-2026-41728

Spring Data REST is affected by CVE-2026-41728 due to its JSON Patch (application/json-patch+json) handling not applying the write-access filter to intermediate path segments when resolving multi-segment JSON Pointers. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4...

7.5CVSS5.5AI score0.00306EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.34 views

CVE-2026-41729

CVE-2026-41729 : Spring Data REST is vulnerable to SpEL expression injection via map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly in...

8.1CVSS5.5AI score0.00393EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.28 views

CVE-2026-41837

CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...

5.3CVSS5.6AI score0.00191EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.26 views

CVE-2026-41730

Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...

5.3CVSS5.5AI score0.00197EPSS