VMware

Spring Data Rest

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 09.06.2026 23:49:49
  • Zuletzt bearbeitet 30.06.2026 22:16:56

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7....

  • EPSS 0.2%
  • Veröffentlicht 09.06.2026 23:49:21
  • Zuletzt bearbeitet 30.06.2026 22:16:55

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 throu...

  • EPSS 0.39%
  • Veröffentlicht 09.06.2026 23:49:17
  • Zuletzt bearbeitet 22.06.2026 12:10:33

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as t...

  • EPSS 0.31%
  • Veröffentlicht 09.06.2026 23:49:13
  • Zuletzt bearbeitet 30.06.2026 22:16:55

Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4....

  • EPSS 0.47%
  • Veröffentlicht 21.09.2022 18:15:10
  • Zuletzt bearbeitet 22.05.2025 19:15:31

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP ...

  • EPSS 0.75%
  • Veröffentlicht 28.10.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:29

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under U...

  • EPSS 4.97%
  • Veröffentlicht 11.05.2018 20:29:00
  • Zuletzt bearbeitet 26.06.2026 18:44:14

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as unde...

  • EPSS 1.97%
  • Veröffentlicht 18.04.2018 16:29:00
  • Zuletzt bearbeitet 26.06.2026 18:44:14

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue reques...

Warnung
  • EPSS 95.65%
  • Veröffentlicht 11.04.2018 13:29:00
  • Zuletzt bearbeitet 26.06.2026 18:44:14

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker...

  • EPSS 74.36%
  • Veröffentlicht 04.01.2018 06:29:00
  • Zuletzt bearbeitet 26.06.2026 18:44:14

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java co...