CVE-2022-31679 – Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in vers …

Vuln ID: CVE-2022-31679

Published:  2022-09-21  18:15:10Z

Description: Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 – 3.5.5, 3.7.0 – 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Source: NVD.NIST.GOV