Search for packages
| purl | pkg:maven/org.springframework.data/spring-data-rest-core@2.5.9.RELEASE |
| Next non-vulnerable version | 2.6.9.RELEASE |
| Latest non-vulnerable version | 3.7.3 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g7ce-fs6u-abdp
Aliases: CVE-2017-8046 GHSA-9qf9-28h9-hqcj |
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T20:40:46.559160+00:00 | GitLab Importer | Affected by | VCID-g7ce-fs6u-abdp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-rest-core/CVE-2017-8046.yml | 38.4.0 |
| 2026-04-11T21:51:27.187447+00:00 | GitLab Importer | Affected by | VCID-g7ce-fs6u-abdp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-rest-core/CVE-2017-8046.yml | 38.3.0 |
| 2026-04-02T22:05:16.681391+00:00 | GitLab Importer | Affected by | VCID-g7ce-fs6u-abdp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-rest-core/CVE-2017-8046.yml | 38.1.0 |
| 2026-04-01T16:22:14.056535+00:00 | GitLab Importer | Affected by | VCID-g7ce-fs6u-abdp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.data/spring-data-rest-core/CVE-2017-8046.yml | 38.0.0 |