spring-data-rest-webmvc is vulnerable to information disclosure. The vulnerability exists due to the improper implementation of the JSON patch in the library, allowing an attacker to get information about the hidden entity attributes through maliciously crafted HTTP requests.
github.com/advisories/GHSA-fv7x-v67w-cvqv
github.com/spring-projects/spring-data-rest/commit/2ad081f75b4baabfbc139f0dc2b75c54889b4053
github.com/spring-projects/spring-data-rest/commit/bf37590b25a0c066f67547b39fb4d7294e2c7cb7
github.com/spring-projects/spring-data-rest/issues/2177
tanzu.vmware.com/security/cve-2022-31679