Malicious PATCH requests submitted to servers using Spring Data REST versions before 2.6.9 (Ingalls SR9), versions before 3.0.1 (Kay SR1) and Spring Boot versions before 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
| Vulnerable Product |
|---|
| vmware spring boot 2.0.0 |
| vmware spring boot |
| pivotal software spring data rest |
| pivotal software spring data rest 3.0.0 |
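As an added check (not code from Vulmon, Pivotal or the Spring project), the Python below compares dependency versions against the fixed versions the advisory names. It assumes Spring's milestone < RC < RELEASE qualifier ordering, reads "2.0 M6" as 2.0.0.M6, treats "before X" as any version in X's major line that sorts below X, and the artifact-name mapping and the `mvn dependency:list` sample lines are constructed.

```python
# Added check: does a Spring Boot / Spring Data REST version fall inside the
# ranges this advisory (CVE-2017-8046) lists as vulnerable? Assumes "2.0 M6" means
# 2.0.0.M6 (later 2.0 qualifiers fixed) and "before X" means below X in X's major line.
import re

FIXED = {  # fixed versions exactly as the advisory states them
    "spring-boot": ["1.5.9.RELEASE", "2.0.0.M6"],
    "spring-data-rest": ["2.6.9.RELEASE", "3.0.1.RELEASE"],
}
_QUALIFIER_RANK = {"M": 0, "RC": 1, "RELEASE": 2}  # milestone < RC < final

def parse_version(text):
    """'2.0.0.M5' -> (2, 0, 0, 0, 5); the tuple sorts like Spring's releases."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[.-]([A-Za-z]+)(\d*))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, qual, qnum = m.groups()
    rank = _QUALIFIER_RANK[(qual or "RELEASE").upper()]  # KeyError: unknown qualifier
    return (int(major), int(minor), int(patch or 0), rank, int(qnum or 0))

def is_vulnerable(product, version):
    """True/False against the fix for the same major line; None if not covered."""
    v = parse_version(version)
    for fixed in FIXED[product]:
        f = parse_version(fixed)
        if v[0] == f[0]:
            return v < f
    return None

def scan_dependency_list(text):
    """Verdict per Spring artifact in `mvn dependency:list` style output lines."""
    findings = []
    for line in text.splitlines():
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) < 4:  # expect group:artifact:type:version[:scope]
            continue
        group, artifact, version = parts[0], parts[1], parts[3]
        for product in FIXED:
            if artifact.startswith(product):  # e.g. spring-data-rest-core
                findings.append((f"{group}:{artifact}:{version}",
                                 is_vulnerable(product, version)))
    return findings

# Constructed sample, not real build output.
SAMPLE_DEPS = """\
[INFO]    org.springframework.boot:spring-boot:jar:1.5.8.RELEASE:compile
[INFO]    org.springframework.data:spring-data-rest-core:jar:2.6.8.RELEASE:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.8.10:compile
"""
```

Feed `scan_dependency_list` the real output of `mvn dependency:list` to get a verdict per Spring artifact; a `None` verdict means the advisory says nothing about that release line.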
Similar to Apache Struts flaw that stuffed Equifax
Pivotal Labs' Spring Data REST project has a serious security hole that needs patching. Pivotal's Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. The critically rated remote code execution vulnerability (CVE-2017-8046) was discovered by security researchers at Semmle, who went public with thei...