漏洞描述
Spring Data REST是一个构建在Spring Data之上,为了帮助开发者更加容易地开发REST风格的Web服务。在RESTAPI的Patch方法中(实现RFC6902),path的值被传入setValue,导致执行了SpEL表达式,触发远程命令执行漏洞。
Spring Data Rest 远程命令执行漏洞(CVE-2017-8046)
PoC代码
暂无相关漏洞推荐
- Spring Framework路径遍历漏洞(CVE-2024-38819)
- Spring Cloud Gateway SpEL 表达式注入漏洞
- Spring Cloud Gateway 信息泄露漏洞(CVE-2025-41243)
- Spring Cloud Gateway环境属性修改漏洞 (CVE-2025-41243)
- Spring Cloud Gateway WebFlux 存在表达式注入漏洞
- Vmware Spring Security 逻辑缺陷漏洞
- Vmware Spring Framework 逻辑缺陷漏洞
- CVE-2019-3799: Spring Cloud Config Server Directory Traversal
- springboot-actuator-unauth: Springboot Actuator Unauth
- springblade-export-user-sqli: SpringBlade 框架后台 export-user 路径 SQL 注入漏洞
- (CVE-2025-8752)Wangzhixuan Spring-Shiro-Training /role/add命令注入漏洞
- POC spring4shell-CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- POC CVE-2016-4977: Spring Security OAuth2 Remote Command Execution