Aditya Krishnan
Department of Computer Science and Engineering, Lovely Professional University, Phagwara, Punjab 144411, India
Priya Sharma
School of Computer Engineering, KIIT Deemed-to-be University, Bhubaneswar, Odisha 751024, India
Rajesh Kumar Singh*
School of Computing Science and Engineering, Galgotias University, Greater Noida, Uttar Pradesh 203201, India
rajesh.singh@galgotiasuniversity.edu.in
Meera Pillai
Department of Computer Science, CHRIST (Deemed to be University), Bangalore, Karnataka 560029, India

DOI: https://doi.org/10.63646/datamind.2024.020104

Abstract

Mass Assignment Vulnerability (MAV) remains one of the most persistent classes of weakness in modern web-service back ends, and the Spring Boot ecosystem is particularly exposed because of its default model-binding behaviour and the heavy reliance on annotation-driven configuration. Although several detection approaches have been proposed in recent years, ranging from rule-based static scanners to schema-aware fuzzing engines, the community still lacks a shared, well-documented, and reproducible benchmark on which these approaches can be compared. As a result, reported precision and recall numbers are difficult to interpret, and progress in the field is slowed by inconsistent evaluation conditions. This paper introduces MAVBench, a curated benchmark dataset that brings together 340 real and synthetic Spring Boot projects, 28,500 REST endpoints, and a layered ground truth that combines source-level annotations with verified exploit traces. The benchmark covers seven canonical MAV patterns, three severity tiers, and four project-size strata, and is delivered with a reproducible evaluation harness that records precision, recall, F1, false-positive rate, scan latency, and memory footprint. The benchmark is used to evaluate seven detection approaches covering bug-finders, generic static analysers, semantic pattern engines, mining-based academic prototypes, and black-box fuzzers. Empirical results show a sharp performance gap between general-purpose tools and approaches that are aware of Spring-specific binding patterns, with hybrid static-plus-dynamic strategies reaching an F1 of 0.84 on the full benchmark. The benchmark also reveals a recurring weakness across all tested tools when project size grows beyond two hundred files, suggesting that scaling MAV detection to industrial code bases remains an open problem. MAVBench is intended to serve as a stable measurement infrastructure for future work on REST API security and as a teaching artefact for software engineering courses that include web-application security modules.
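As an added illustration of the default model-binding behaviour the abstract refers to (example code written for this page, not taken from the paper or the MAVBench corpus): a Spring MVC controller that binds request parameters straight onto a domain object lets the client populate every writable property, including a privilege field, while the hardened variant restricts binding to an allow-list. The `User` class, its `email`/`role` fields and the endpoint paths are assumptions; the code assumes spring-boot-starter-web on the classpath.

```java
// Added example (not from the paper or MAVBench): Spring's default @ModelAttribute
// binding copies every matching request parameter onto the target object, including
// the privilege field `role`; the hardened controller restricts binding to an
// allow-list with WebDataBinder.setAllowedFields. User and its fields are assumptions.
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

class User {
    private String email;
    private String role = "USER";   // server-controlled; must never be client-settable
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getRole() { return role; }
    public void setRole(String role) { this.role = role; }
}

// VULNERABLE: a `role` request parameter is bound onto the object exactly like
// `email`, so the caller rather than the server decides the privilege level.
@RestController
class VulnerableUserController {
    @PostMapping("/v1/users")
    public User create(@ModelAttribute User user) {
        return user;   // in a real service this object would be persisted as-is
    }
}

// HARDENED: the binder is told which fields may come from the request; any other
// parameter (role, id, ...) is dropped and recorded as a suppressed field, so
// `role` keeps its server-side default whatever the request contains.
@RestController
class HardenedUserController {
    @InitBinder("user")
    void restrictBinding(WebDataBinder binder) {
        binder.setAllowedFields("email");
    }

    @PostMapping("/v2/users")
    public User create(@ModelAttribute("user") User user) {
        return user;
    }
}
```

A detector aware of this Spring-specific pattern only needs to flag `@ModelAttribute` (or `@RequestBody`) parameters whose type carries sensitive writable properties and whose controller declares no `@InitBinder` allow-list; that is the distinction between the generic and the Spring-aware tools the abstract contrasts.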

Article details

How to Cite

Krishnan, A., Sharma, P., Singh, R. K., & Pillai, M. (2024). MAVBench: A Benchmark Dataset for Evaluating Mass Assignment Vulnerability Detection in Spring Boot REST APIs. DATAMIND, 2(1), 45-61. https://doi.org/10.63646/datamind.2024.020104