In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers that use a configured base API path and a controller type-level request mapping are additionally exposed under URIs that, depending on the Spring Security configuration, may be open to unauthorized access. The vulnerability only applies to projects for which all the following points are true:
Users of affected versions should upgrade to one of the versions below. No other steps are necessary.
This vulnerability was initially discovered and responsibly reported by Brian Schrader.
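To check a build against the affected ranges stated above, the following added example (not part of the original advisory or of Spring's tooling) scans `mvn dependency:tree` output for Spring Data REST artifacts. The sample tree is constructed, and pre-release qualifiers such as `-M1` are conservatively treated as the base version.

```python
import re

# Affected ranges as stated in the advisory: 3.4.0 - 3.4.13 and 3.5.0 - 3.5.5,
# plus "older unsupported versions" (everything below 3.4.0).
AFFECTED_RANGES = [((3, 4, 0), (3, 4, 13)), ((3, 5, 0), (3, 5, 5))]
OLDEST_LISTED = (3, 4, 0)

# Matches Maven coordinates as printed by `mvn dependency:tree`, e.g.
# org.springframework.data:spring-data-rest-webmvc:jar:3.5.5:compile
COORD = re.compile(
    r"org\.springframework\.data:(spring-data-rest-[\w-]+):jar:([^:\s]+)")

# Constructed sample input, not taken from a real project.
SAMPLE_TREE = r"""
[INFO] com.example:orders-api:jar:1.0.0
[INFO] +- org.springframework.data:spring-data-rest-webmvc:jar:3.5.5:compile
[INFO] |  \- org.springframework.data:spring-data-rest-core:jar:3.5.5:compile
[INFO] \- org.springframework.data:spring-data-rest-hal-explorer:jar:3.6.0:runtime
"""


def parse_version(text):
    """Return (major, minor, patch); qualifiers (-SNAPSHOT, .RELEASE) are ignored."""
    nums = re.findall(r"\d+", text.split("-")[0])[:3]
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))


def is_affected(version):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_version(version)
    if v < OLDEST_LISTED:
        return True  # older unsupported versions
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def audit(dependency_tree):
    """Return sorted, de-duplicated (artifact, version, affected) tuples."""
    found = set(COORD.findall(dependency_tree))
    return sorted((a, v, is_affected(v)) for a, v in found)


if __name__ == "__main__":
    for artifact, version, affected in audit(SAMPLE_TREE):
        print(f"{artifact}:{version} -> {'AFFECTED' if affected else 'not in listed ranges'}")
```

A result of "not in listed ranges" only means the version is outside the ranges quoted in this advisory; the upgrade guidance above remains the authoritative reference.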
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product, please refer to the VMware Security Response Policy.