Fluid Attacks Database

Description

Affected versions of this package are vulnerable to Information Exposure. HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.springframework.data:spring-data-rest-core	>=3.4.0 <3.4.14 \|\| >=3.5.0 <3.5.6	3.4.14, 3.5.6
maven	org.springframework.data:spring-data-rest-webmvc	>=0 <3.4.14 \|\| >=3.5.0 <3.5.6	-

Aliases

1. CVE-2021-220472. NVD-2021-220473. OSV-2021-220474. GCVE-2021-220475. DB-CVE-2021-22047

References

1. https://tanzu.vmware.com/security/cve-2021-22047

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.