GHSA-9qf9-28h9-hqcj
GitHub Security Advisory
Remote code execution in PATCH requests in Spring Data REST
✓ GitHub Reviewed
CRITICAL
Has CVE
Advisory Details
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and versions prior to 3.0.1 (Kay SR1) can use specially crafted JSON data to run arbitrary Java code.
Affected Packages
Maven: org.springframework.data:spring-data-rest-core
Affected versions: 0 (fixed in 2.6.9.RELEASE)
Maven: org.springframework.data:spring-data-rest-core
Affected versions: 3.0.0 (fixed in 3.0.1.RELEASE)
Related CVEs
Key Information
9.0/10
Dataset
Last updated: August 30, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.