Description
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
| Source | ID | Title |
|---|---|---|
| GitHub GHSA | GHSA-w24x-87mr-4r23 | SpEL Injection in Spring Data MongoDB |
References
History
No history.
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2024-08-03T03:28:42.620Z
Reserved: 2022-01-10T00:00:00.000Z
Link: CVE-2022-22980
No data.
Status : Modified
Published: 2022-06-23T17:15:12.120
Modified: 2026-06-17T04:29:17.273
Link: CVE-2022-22980
OpenCVE Enrichment
No data.
Weaknesses
- CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')