CVE-2022-31679

EPSS 0.17% · P38 Updated May 23, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31679

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

VMware Spring Data REST 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

VMware Spring Data REST是美国VMware公司的一种数据接口。用于构建在 Spring Data 存储库之上，分析应用程序的域模型，并为模型中包含的聚合公开超媒体驱动的 HTTP 资源。 VMware Spring Data REST 3.5.5版本至3.6.0版本、3.7.0版本至3.7.2版本存在安全漏洞。攻击者利用该漏洞可以创建暴露隐藏实体属性的HTTP请求。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Spring Data REST	Spring Data REST Versions before 3.6.7 and 3.7.3	-

II. Public POCs for CVE-2022-31679

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-31679

请登录查看更多情报信息。

https://tanzu.vmware.com/security/cve-2022-31679x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-31679

Same Patch Batch · n/a · 2022-09-21 · 29 CVEs total

CVE-2022-29799		FacturaScripts 路径遍历漏洞
CVE-2022-41222		Linux kernel 资源管理错误漏洞
CVE-2022-41218		Linux kernel 资源管理错误漏洞
CVE-2022-37026		Ericsson Erlang 授权问题漏洞
CVE-2022-41220		md2roff 缓冲区错误漏洞
CVE-2022-38928		XPDF 代码问题漏洞
CVE-2022-37246		Pixel＆tonic Craft CMS 跨站脚本漏洞
CVE-2022-37027		Ahsay Systems Cloud Backup Suite 参数注入漏洞
CVE-2022-40026		Simple Task Managing System SQL注入漏洞
CVE-2022-40027		Simple Task Managing System 跨站脚本漏洞
CVE-2022-40028		Simple Task Managing System 跨站脚本漏洞
CVE-2022-40029		Simple Task Managing System 跨站脚本漏洞
CVE-2022-40030		Simple Task Managing System SQL注入漏洞
CVE-2022-35621		Evoh NFT EvohClaimable 安全漏洞
CVE-2022-28982		Liferay Portal和Liferay DXP 跨站脚本漏洞
CVE-2022-29800		networkd-dispatcher 安全漏洞
CVE-2022-23948		Keylime 安全漏洞
CVE-2021-43310		Keylime 安全漏洞
CVE-2022-23949		Keylime 安全漏洞
CVE-2022-23950		Keylime 安全漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Spring Data REST

CVE-2021-22047
VMware Spring Security 安全漏洞

Same vendor: n/a

V. Comments for CVE-2022-31679

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-31679

I. Basic Information for CVE-2022-31679

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-31679

III. Intelligence Information for CVE-2022-31679

Same Patch Batch · n/a · 2022-09-21 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-31679

Leave a comment