Vulnerability in Pivotal Spring Data Rest And Boot

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitr…

EPSS: 0.940 (99.9th percentile)

Affected products

  • Pivotal Spring Data Rest And Boot: Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6

Frequently asked questions

What is CVE-2017-8046?
CVE-2017-8046 is a vulnerability in Pivotal Spring Data Rest And Boot. Published 2018-01-04.

Is CVE-2017-8046 known to be exploited?
62 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.