Spring · Spring Data Rest · CVE-2022-31679
**Name of the Vulnerable Software and Affected Versions**
Spring Data REST versions 3.5.5 and earlier
Spring Data REST versions 3.6.0 through 3.6.6
Spring Data REST versions 3.7.0 through 3.7.2
**Description**
In applications that allow HTTP PATCH access to resources exposed by Spring Data REST, an attacker who knows the structure of the underlying domain model can craft HTTP requests that expose hidden entity attributes.
**Recommendations**
For versions 3.5.5 and earlier, update to a version that is not older than 3.5.5 to mitigate the risk.
For versions 3.6.0 through 3.6.6, update to a version later than 3.6.6 to resolve the issue.
For versions 3.7.0 through 3.7.2, update to a version later than 3.7.2 to resolve the issue.
As a temporary workaround, consider restricting HTTP PATCH access to resources exposed by Spring Data REST until the upgrade can be applied.
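One way to apply this workaround from inside the application, using Spring Data REST's own exposure configuration (assumed to be the 3.1+ `ExposureConfiguration` API on a Spring Boot 2.x / `javax.persistence` stack). This is an added example, not code from the advisory or the Spring project; the `Account` entity and its attributes are hypothetical stand-ins for the application's own domain model.

```java
import javax.persistence.Entity;
import javax.persistence.Id;

import org.springframework.context.annotation.Configuration;
import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.config.annotation.CorsRegistry;

/**
 * Temporary mitigation for CVE-2022-31679: stop serving HTTP PATCH on
 * resources exposed by Spring Data REST until the application is upgraded.
 * With PATCH disabled, clients receive 405 Method Not Allowed instead of a
 * partial update, which removes the request shape the advisory describes.
 */
@Configuration
public class DisablePatchMitigationConfig implements RepositoryRestConfigurer {

    @Override
    public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config,
                                                     CorsRegistry cors) {
        // Broad form of the workaround: no item resource accepts PATCH any more.
        config.getExposureConfiguration().disablePatchOnItemResources();

        // Narrower alternative when PATCH must stay available elsewhere: disable it
        // only for the domain type whose hidden attributes must not be reachable.
        // (Redundant once the global call above is in place; shown for reference.)
        config.getExposureConfiguration()
              .forDomainType(Account.class)
              .withItemExposure((metadata, httpMethods) -> httpMethods.disable(HttpMethod.PATCH));
    }

    /** Hypothetical entity standing in for one of the application's own domain types. */
    @Entity
    public static class Account {
        @Id
        private Long id;
        private String displayName;
        // Attribute the application keeps out of its REST representation.
        private Integer internalRiskScore;
    }
}
```

After deploying, confirm the change with a PATCH request against an item resource and check that the response is 405 rather than 200 or 204.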