Meituan Technology Team
Sep 28, 2017 · Information Security
Analysis and Exploitation of Spring Data REST CVE-2017-8046 Remote Code Execution Vulnerability
The article examines Spring Data REST’s CVE‑2017‑8046 remote‑code‑execution flaw, showing how a malicious JSON Patch path is turned into an unchecked SpEL expression that can run arbitrary commands, reproduces the exploit on a sample Spring Boot app, and advises upgrading to versions that include the path‑verification fix.
Backend Security · CVE-2017-8046 · Exploit
