CVE-2022-22980
N/A
N/A
Summary
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Spring Data MongoDB | 3.4.0, 3.3.0 to 3.3.4 and Older | affected |
Weaknesses
- Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.