Description
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
Remediation
References
https://tanzu.vmware.com/security/cve-2022-31679
Related Vulnerabilities
CVE-2023-31062 Vulnerability in maven package org.apache.inlong:manager-dao
CVE-2023-28674 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library
CVE-2021-41616 Vulnerability in maven package org.apache.ddlutils:ddlutils
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:catalina