GHSA-fv7x-v67w-cvqv

Опубликовано: 22 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.7

Описание

Spring Data REST can expose hidden entity attributes

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.6, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Ссылки

Пакеты

Наименование

org.springframework.data:spring-data-rest-core

maven

Затронутые версииВерсия исправления

>= 3.6.0, < 3.6.7

3.6.7

Наименование

org.springframework.data:spring-data-rest-core

maven

Затронутые версииВерсия исправления

>= 3.7.0, < 3.7.3

3.7.3

EPSS

Процентиль: 45%

0.00227

Низкий

3.7 Low

CVSS3

CVE ID

CVE-2022-31679

Связанные уязвимости

CVE-2022-31679

CVSS3: 3.7

nvd

больше 3 лет назад

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

EPSS

Процентиль: 45%

0.00227

Низкий

3.7 Low

CVSS3

CVE ID

CVE-2022-31679