Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPivotal Software Spring Data Rest
APPPivotal Software3.0.0VMware Spring Boot
APPVmware2.0.0< 1.5.9VMware Spring Data Rest
APPVmware3.0.0< 2.6.9
Related vulnerabilities
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...
VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is ...
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1...