Closed sreeteja7 closed 2 years ago
We see this issue in 2.1.x of Spring Boot, which is using spring broker 3.0.x
@royclarkson @scottfrederick Would you want to check on this? I see you guys in the author section :)
Thanks for reporting. We'll review and determine a proper fix.
Can you confirm that you are using Spring Boot 2.1 and Spring Cloud Open Service Broker 3.0 and the specific versions of each? Have you tried to upgrade to the latest version 3.3.0 with Spring Boot 2.4? Where are you seeing the complete stack trace? Thanks.
When the PUT API v2/service_instances/{instance_id} is triggered by passing an empty request body, it gives a complete stack trace, which reveals the internals of the classes used.
This is with spring-cloud-open-service-broker v3.3.0
Please open a CVE and fix this here https://github.com/spring-cloud/spring-cloud-open-service-broker/blob/8bdf3d6135b8308d07342eeb741b747596b1cfe0/spring-cloud-open-service-broker-core/src/main/java/org/springframework/cloud/servicebroker/model/instance/CreateServiceInstanceRequest.java
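
A regression check for the behaviour reported in this thread (an empty-body PUT to v2/service_instances/{instance_id} answering with a stack trace), as an added example that is not code from the project or from any commenter. The sample responses, the `com.example` class names and the `find_leaks` helper are constructed for illustration; the allowed-key set is an assumption based on the Open Service Broker API error format.

```python
import json
import re

# Java stack frame, e.g. "at com.example.Foo.bar(Foo.java:42)"
FRAME_RE = re.compile(r"\bat\s+[\w$.]+\.[\w$<>]+\((?:[\w$]+\.java:\d+|Native Method|Unknown Source)\)")
# Fully qualified exception or error class name, e.g. "com.example.FooException"
EXC_RE = re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")
# Assumption: the only keys an OSB API error body should carry
ALLOWED_KEYS = {"error", "description", "instance_usable", "update_repeatable"}

# Constructed sample bodies (not captured from a real broker)
LEAKY = json.dumps({
    "timestamp": "2021-01-01T00:00:00Z", "status": 500, "error": "Internal Server Error",
    "trace": "com.example.broker.SampleException: boom\n\tat com.example.broker.SampleController.update(SampleController.java:10)\n",
    "path": "/v2/service_instances/abc",
})
CLEAN = json.dumps({"description": "Request body is missing or malformed"})


def _strings(value):
    """Yield every string found anywhere in a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def find_leaks(status, body):
    """Return sorted findings for one HTTP error response (status code, body text)."""
    if status < 400:
        return []
    try:
        doc = json.loads(body)
    except ValueError:
        doc = body  # non-JSON error page: scan it as plain text
    findings = set()
    if isinstance(doc, dict):
        extra = set(doc) - ALLOWED_KEYS
        if extra:
            findings.add("unexpected keys: " + ",".join(sorted(extra)))
    for text in _strings(doc):
        if FRAME_RE.search(text):
            findings.add("stack frame")
        if EXC_RE.search(text):
            findings.add("exception class name")
    return sorted(findings)
```

In an integration test, pass the status and body returned by the broker for the empty-body request and fail the build when the list is not empty.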