Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VMware Spring Data REST 安全漏洞
Vulnerability Description
VMware Spring Data REST是美国VMware公司的一种数据接口。用于构建在 Spring Data 存储库之上,分析应用程序的域模型,并为模型中包含的聚合公开超媒体驱动的 HTTP 资源。 VMware Spring Data REST 3.5.5版本至3.6.0版本、3.7.0版本至3.7.2版本存在安全漏洞。攻击者利用该漏洞可以创建暴露隐藏实体属性的HTTP请求。
CVSS Information
N/A
Vulnerability Type
N/A