CreateServiceInstanceRequest Class is not handling empty request body exception

[sreeteja7]

When triggered PUT API v2/service_instances/{instance_id} by passing empty request body it gives complete stack trace which reveals the internals of the classes used

{
    "description": "Required request body is missing: public reactor.core.publisher.Mono<org.springframework.http.ResponseEntity<org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceResponse>> org.springframework.cloud.servicebroker.controller.ServiceInstanceController.createServiceInstance(java.util.Map<java.lang.String, java.lang.String>,java.lang.String,boolean,java.lang.String,java.lang.String,java.lang.String,org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest)"
}

This is with spring-cloud-open-service-broker v3.3.0

Please open a CVE and fix this here https://github.com/spring-cloud/spring-cloud-open-service-broker/blob/8bdf3d6135b8308d07342eeb741b747596b1cfe0/spring-cloud-open-service-broker-core/src/main/java/org/springframework/cloud/servicebroker/model/instance/CreateServiceInstanceRequest.java

[sreeteja7]

We see this issue in 2.1.x of Spring boot which is using spring broker 3.0.x

[sreeteja7]

@royclarkson @scottfrederick Would you want to check on this ?? I see you guys in the author section :)

[royclarkson]

Thanks for reporting. We'll review and determine a proper fix.

[royclarkson]

Can you confirm that you are using Spring Boot 2.1 and Spring Cloud Open Service Broker 3.0 and the specific versions of each? Have you tried to upgrade to the latest version 3.3.0 with Spring Boot 2.4? Where are you seeing the complete stack trace? Thanks.