CVE-2022-31679 Information

Description

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions are affected: an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.

Reference

https://tanzu.vmware.com/security/cve-2022-31679
