Vulnerability Monitor

CVE-2022-31679


In applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.


Published

2022-09-21T18:15:10.093

Last Modified

2025-05-22T19:15:31.407

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | spring_data_rest | < 3.6.7 | Yes |
| Application | vmware | spring_data_rest | < 3.7.3 | Yes |