Back to search
CVE-2021-22047
Published: Oct 28, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
| Vendor | Product | Versions |
|---|---|---|
n/a | Spring Data REST | affected Spring Data REST versions 3.4.x prior to 3.4.14+ ,3.5.x prior to 3.5.6+ and old unsupported versions |
Weaknesses (CWE)
References
https://tanzu.vmware.com/security/cve-2021-22047
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now