CVE-2022-31679
unknown
CVSS v3
—
VIR risk
—
Description
Spring Data REST can expose hidden entity attributes
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.springframework.data:spring-data-rest-core | >=3.6.0,<3.6.7 | 3.6.7 |
| Maven | org.springframework.data:spring-data-rest-core | >=3.7.0,<3.7.3 | 3.7.3 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-31679
- https://github.com/spring-projects/spring-data-rest/commit/2ad081f75b4baabfbc139f0dc2b75c54889b4053
- https://github.com/spring-projects/spring-data-rest/commit/bf37590b25a0c066f67547b39fb4d7294e2c7cb7
- https://github.com/spring-projects/spring-data-rest
- https://tanzu.vmware.com/security/cve-2022-31679
💬 Discuss CVE-2022-31679 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.