PT-2021-14846 · Spring · Spring Data Rest

Brian Schrader · Published 2021-10-28 · Updated 2022-05-24

CVE-2021-22047

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Spring Data REST versions 3.4.0 through 3.4.13
Spring Data REST versions 3.5.0 through 3.5.5
Spring Data REST older unsupported versions
Description

The issue affects HTTP resources implemented by custom controllers that combine a configured base API path (the spring.data.rest.base-path setting) with a controller type-level request mapping. Spring Data REST exposes such resources under additional URIs beyond the intended base-path URI. Whether those additional URIs can be reached without authorization depends on the Spring Security configuration: authorization rules written only against the expected path prefix do not cover them.
Recommendations

Spring Data REST versions 3.4.0 through 3.4.13: update to a later 3.4.x release.
Spring Data REST versions 3.5.0 through 3.5.5: update to a later 3.5.x release.
Spring Data REST older unsupported versions: upgrade to a supported version.

Until the update is applied, configure Spring Security to deny requests by default (anyRequest().authenticated() or anyRequest().denyAll()) rather than allowlisting only the base API path, and avoid type-level @RequestMapping on custom Spring Data REST controllers, since only that combination is affected. At the time of writing, this page does not record the specific release that contains the fix.
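The following is an added example written for this page; it is not code from the advisory or from the Spring project. It shows the controller shape the description refers to (type-level @RequestMapping on a Spring Data REST custom controller, with a base path configured) and the two authorization postures the phrase "depending on the Spring Security configuration" hinges on: a weak configuration that allowlists only the base-path prefix, and a hardened one that denies by default. It assumes a Spring Boot 2.5 application with Spring Security 5.5, `spring.data.rest.base-path=/api` in application.properties, and hypothetical names (OrderSummaryController, the `weak` and `hardened` profiles). Which additional URIs Spring Data REST registers for the handler is not stated on this page; the hardened configuration is chosen precisely because it does not depend on knowing them.

```java
// Added example (not from the advisory or the Spring project).
// Assumed environment: Spring Boot 2.5, Spring Security 5.5, Spring Data REST 3.5.x,
// and  spring.data.rest.base-path=/api  set in application.properties.
package example;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.data.rest.webmvc.RepositoryRestController;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Hypothetical custom controller of the shape the advisory describes: a Spring Data REST
 * controller with a type-level @RequestMapping, which the developer expects to be served
 * only under the configured base path (/api/orders/...).
 */
@RepositoryRestController
@RequestMapping("/orders")            // type-level mapping: the pattern the advisory singles out
class OrderSummaryController {

    @GetMapping("/{id}/summary")
    ResponseEntity<String> summary(@PathVariable long id) {
        // Constructed payload; a real controller would load the order from a repository.
        return ResponseEntity.ok("{\"orderId\":" + id + ",\"total\":\"42.00\"}");
    }
}

/**
 * WEAK posture: only URIs under the expected base path require authentication.
 * Any additional URI Spring Data REST registers for the same handler falls through
 * to permitAll() and is reachable without credentials.
 */
@Configuration
@Profile("weak")
class WeakSecurityConfig {
    @Bean
    SecurityFilterChain weakChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(auth -> auth
                .antMatchers("/api/**").authenticated()   // covers only the URIs the developer expects
                .anyRequest().permitAll())               // everything else is open by default
            .httpBasic();
        return http.build();
    }
}

/**
 * HARDENED posture: deny by default. The rule is written against "every request",
 * so it holds for any URI the handler is exposed under, expected or not.
 */
@Configuration
@Profile("hardened")
class HardenedSecurityConfig {
    @Bean
    SecurityFilterChain hardenedChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(auth -> auth
                .antMatchers("/actuator/health").permitAll()  // explicit, narrow exceptions only
                .anyRequest().authenticated())               // everything else, whatever its path
            .httpBasic();
        return http.build();
    }
}
```

To verify the posture rather than guess at it, enumerate every URI Spring MVC has actually registered for the handler (Spring Boot Actuator's /actuator/mappings endpoint lists them, when the actuator is enabled) and send an unauthenticated request to each; under the hardened profile every one of them should answer 401, not 200. A method-level rule such as @PreAuthorize("isAuthenticated()") on the handler (with @EnableGlobalMethodSecurity(prePostEnabled = true)) is a complementary defence that also does not depend on the request path.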

Weakness Enumeration

Information Disclosure
CWE-668: Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2021-22047
GHSA-4926-QPXG-6R3W

Affected Products

Spring Data Rest