MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Default status: unaffected
3.7.0 (custom) before 3.7.20: affected
4.3.0 (custom) before 4.3.17: affected
4.4.0 (custom) before 4.4.15: affected
4.5.0 (custom) before 4.5.12: affected
5.0.0 (custom) before 5.0.6: affected
Description
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.
Problem types
CWE-209: Generation of Error Message Containing Sensitive Information
References
spring.io/security/cve-2026-41730