Lucene search
K
VmwareSpring Data Rest4.3.0

4 matches found

CVE
CVE
added 2026/06/09 11:49 p.m.38 views

CVE-2026-41728

Spring Data REST is affected by CVE-2026-41728 due to its JSON Patch (application/json-patch+json) handling not applying the write-access filter to intermediate path segments when resolving multi-segment JSON Pointers. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4...

7.5CVSS5.5AI score0.00306EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.36 views

CVE-2026-41729

CVE-2026-41729 : Spring Data REST is vulnerable to SpEL expression injection via map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly in...

8.1CVSS5.5AI score0.00393EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.31 views

CVE-2026-41837

CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...

5.3CVSS5.6AI score0.00191EPSS
CVE
CVE
added 2026/06/09 11:49 p.m.26 views

CVE-2026-41730

Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...

5.3CVSS5.5AI score0.00197EPSS