org.springframework.data:spring-data-rest-core
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.springframework.data:spring-data-rest-corepage 1 of 1
- CVE-2017-8046CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.1.RELEASE2018-01-04
vulnerable: 3.0.0.RELEASE
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitr…
- CVE-2021-22047MEDIUMCVSS 5.3EG 5.3✓ Fixed in 3.5.62021-10-28
vulnerable: 3.5.0 ... 3.5.5 (6 versions)
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally expo…
- CVE-2022-31679LOWCVSS 3.7EG 3.7✓ Fixed in 3.7.32022-09-21
vulnerable: 3.7.0, 3.7.1, 3.7.2
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can …
Check whether org.springframework.data:spring-data-rest-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.data:spring-data-rest-core CVEs against the assets you own.
Start Free Scan →