4 matches found
CVE-2026-41728
Spring Data REST is affected by CVE-2026-41728 due to its JSON Patch (application/json-patch+json) handling not applying the write-access filter to intermediate path segments when resolving multi-segment JSON Pointers. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4...
CVE-2026-41729
CVE-2026-41729 : Spring Data REST is vulnerable to SpEL expression injection via map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly in...
CVE-2026-41837
CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...
CVE-2026-41730
Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...