CVE-2022-31679
Description
In applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.
CWE
- (none)
Affected
- n/a / Spring Data REST — v=Spring Data REST Versions before 3.6.7 and 3.7.3 [affected]
CVSS
- (none)
References
- https://tanzu.vmware.com/security/cve-2022-31679 x_refsource_MISC
Source
cvelistV5-main/cves/2022/31xxx/CVE-2022-31679.json