Spring Data REST Vulnerability (CVE-2022-31679)

Updates – [09-19] Vulnerability announced here and Spring Data REST 3.6.7 and 3.7.1 released Table of Contents Overview Vulnerability Am I Impacted Status Overview We would like to announce that we have released Spring Data REST 3.6.7 and 3.7.1 to address a vulnerability that would allow unintended data exposure for resources by Spring Data REST. Vulnerability Applications that allow HTTP PATCH access to resources exposed by Spring Data REST if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Read full article on Official Spring blog