Spring Data REST Vulnerability (CVE-2022-31679)

19 September 2022

Updates – [09-19] Vulnerability announced here and Spring Data REST 3.6.7 and 3.7.1 released Table of Contents Overview Vulnerability Am I Impacted Status Overview We would like to announce that we have released Spring Data REST 3.6.7 and 3.7.1 to address a vulnerability that would allow unintended data exposure for resources by Spring Data REST. Vulnerability Applications that allow HTTP PATCH access to resources exposed by Spring Data REST if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Read full article on Official Spring blog

Date:

19 September 2022

Categorie(s):

NEWS

Tag(s):

IT, Security Pro, Spring, Spring-Data, Vulnerability

Protobom: Open-source software supply chain tool19 April 2024
The key pillars of domain security19 April 2024
Fraudsters abused Apple Stores’ third-party pickup policy to phish for profits19 April 2024
51% of enterprises experienced a breach despite large security stacks19 April 2024
Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums19 April 2024