Spring · Spring Data Rest · CVE-2021-22047
**Name of the Vulnerable Software and Affected Versions**
Spring Data REST versions 3.4.0 through 3.4.13
Spring Data REST versions 3.5.0 through 3.5.5
Spring Data REST older unsupported versions
**Description**
The issue affects HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping. These resources are exposed under additional URIs, which can potentially be accessed without authorization, depending on the Spring Security configuration.
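An added example, not part of the original advisory or of Spring's code: a source audit that flags controllers matching the pattern described above. It assumes the custom controllers in question are those annotated with Spring Data REST's `@BasePathAwareController` or `@RepositoryRestController`; the function names and sample sources are constructed for illustration.

```python
import re

# Assumption: these Spring Data REST annotations mark controllers served under the base API path.
BASE_PATH_ANNOTATIONS = ("BasePathAwareController", "RepositoryRestController")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)
TYPE_DECL = re.compile(r"\b(?:class|interface)\s+(\w+)")
ANNOTATION = re.compile(r"@(?:\w+\.)*(\w+)")  # simple name, also for fully qualified use

def type_level_annotations(java_source):
    """Return (type name, annotation names placed before the first type declaration)."""
    code = COMMENT.sub("", java_source)  # commented-out annotations do not count
    decl = TYPE_DECL.search(code)
    if decl is None:
        return None, set()
    return decl.group(1), set(ANNOTATION.findall(code[:decl.start()]))

def audit(sources):
    """sources maps file name -> Java source text; returns (file, type, annotation) findings."""
    findings = []
    for name, text in sorted(sources.items()):
        type_name, annotations = type_level_annotations(text)
        base = annotations.intersection(BASE_PATH_ANNOTATIONS)
        # Flag only the combination the advisory names; method-level mappings are ignored.
        if base and "RequestMapping" in annotations:
            findings.append((name, type_name, sorted(base)[0]))
    return findings

# Constructed sample sources (not taken from any real project).
SAMPLES = {
    "OrderReportController.java": '''
// type-level mapping on a base-path-aware controller: the pattern in the advisory
@BasePathAwareController
@RequestMapping("/reports")
public class OrderReportController {
    @GetMapping("/daily") Object daily() { return null; }
}''',
    "OrderSearchController.java": '''
@RepositoryRestController
public class OrderSearchController {
    @RequestMapping("/orders/search/recent") Object recent() { return null; }
}''',
    "HealthController.java": '''
@RestController
@RequestMapping("/health")
public class HealthController { }''',
}

if __name__ == "__main__":
    for name, type_name, marker in audit(SAMPLES):
        print(f"{name}: {type_name} has @{marker} plus a type-level @RequestMapping")
```

The regexes approximate Java syntax and inspect only the first type in each file, so treat a clean result as a prompt for manual review of nested or meta-annotated controllers rather than proof of absence.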
**Recommendations**
For Spring Data REST versions 3.4.0 through 3.4.13, update to a version outside of this range to mitigate the risk.
For Spring Data REST versions 3.5.0 through 3.5.5, update to a version outside of this range to mitigate the risk.
For Spring Data REST older unsupported versions, consider upgrading to a supported version to address the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.