Threat Encyclopedia



This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Pivotal Spring.
The vulnerability is due to insufficient sanitization of HTTP PATCH requests in the application. A remote attacker may be able to exploit this, via crafted HTTP requests, to execute arbitrary code within the context of the application.

Affected Products

Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3
Spring Boot versions prior to 2.0.0M4
Spring Data release trains prior to Kay-RC3


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References