Description
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. The attack may be initiated remotely. Patch name: 273fcedaee984c08197c0890f14190b86ab7e0b8. It is recommended to apply a patch to fix this issue.
Published: 2026-04-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Injection (potential remote code execution)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in Baomidou dynamic-datasource 2.5.0, in the DsSpelExpressionProcessor#doDetermineDatasource method, which resolves a datasource key by evaluating a SpEL expression with Spring's SpelExpressionParser against a StandardEvaluationContext. StandardEvaluationContext is Spring's full-power context: it permits type references such as T(java.lang.Runtime), constructor calls, bean references and arbitrary method invocation. An attacker who can influence the expression that reaches this method therefore obtains more than a wrong datasource name; the expression is evaluated inside the application's JVM with the permissions of that process, which is why the page classes this injection as potential remote code execution. The root cause is that attacker-influenced data reaches a SpEL expression without validation and without a restricted evaluation context.

Affected Systems

Systems that include Baomidou dynamic-datasource version 2.5.0 are affected; no other version is listed on this page, so check the GHSA advisory for the full affected range before assuming a neighbouring release is clean. Exposure requires the dynamic-datasource-spring component and a code path on which a datasource key is resolved through the SpEL processor at runtime. An application whose datasource keys are fixed, developer-written strings that never incorporate request data has a much smaller attack surface than one that builds them from headers, session values or request parameters.

Risk and Exploitability

The CVSS 4.0 base score of 5.3 marks the issue as moderate; the CVSS 3.x vectors recorded on this page score it 6.3 and the CVSS 2.0 vector 6.5, all with network attack vector, low attack complexity and low privileges required (PR:L, Au:S). The EPSS score below 1% indicates a low probability of exploitation at the time of writing, and the issue is not in CISA's KEV catalog. The scoring assumes partial confidentiality, integrity and availability impact (C:L/I:L/A:L), consistent with the SSVC assessment of Technical Impact: partial. That understates the worst case: a SpEL expression evaluated in a StandardEvaluationContext can execute arbitrary code with the permissions of the Java process, so an application that runs as a privileged user or holds database credentials for every tenant should treat the flaw as more serious than the base score suggests. The attack is remote, but it presupposes a network-reachable endpoint on which the datasource-key expression, or the data it is evaluated against, is attacker-influenced.

Generated by OpenCVE AI on April 28, 2026 at 05:07 UTC.

Remediation

No vendor-published fixed release or workaround is recorded on this page; the only fix reference is the patch commit listed under OpenCVE Recommended Actions below.

OpenCVE Recommended Actions

  • Apply the patch identified by commit 273fcedaee984c08197c0890f14190b86ab7e0b8 to the Baomidou dynamic-datasource library, and read the diff: it is the authoritative statement of what changed, since this page records no fixed release number.
  • Upgrade to a release that incorporates the fix once one is available. Until then, confirm that your build does not pull 2.5.0 in transitively (mvn dependency:tree or gradle dependencies), because the Spring Boot starter brings the library in indirectly.
  • If an upgrade is not immediately feasible, remove the injection point rather than trying to sanitize SpEL text: never build the datasource-key expression from request data; evaluate any expression that must remain with SimpleEvaluationContext.forReadOnlyDataBinding() instead of StandardEvaluationContext (no type references, constructors, bean references or method calls); and validate the resolved key against the set of datasources actually configured before it is used for routing.

Generated by OpenCVE AI on April 28, 2026 at 05:07 UTC.
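
The evaluation-context distinction behind the Impact paragraph and the third recommended action, shown as an added example that is not code from the dynamic-datasource project or from this advisory. DsKeyResolverDemo is a hypothetical stand-in for a SpEL-based datasource-key resolver: the class, method and datasource names are invented, the variable map and the configured set are constructed sample data, and the code assumes Spring's spring-expression module on the classpath and Java 11 or later. resolveUnsafe reproduces the StandardEvaluationContext pattern; resolveSafe swaps in SimpleEvaluationContext.forReadOnlyDataBinding() plus an allow-list of configured datasource names, and the probe expression in main shows a type reference evaluating under the first and being rejected under the second.

```java
import java.util.Map;
import java.util.Set;

import org.springframework.expression.ExpressionException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/**
 * Hypothetical datasource-key resolver (added example; not the dynamic-datasource
 * project's code). Contrasts a full-power SpEL evaluation context with a
 * data-binding-only one, and adds an allow-list on the resolved key.
 */
public final class DsKeyResolverDemo {

    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    /** Datasource names the application actually configured (constructed sample). */
    private static final Set<String> CONFIGURED = Set.of("master", "ds_tenantA", "ds_tenantB");

    /** Vulnerable pattern: full-power context, result trusted as-is. */
    static String resolveUnsafe(String expression, Map<String, Object> variables) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        variables.forEach(ctx::setVariable);
        // T(...) type references, constructors, bean references and arbitrary
        // method calls are all reachable from an expression evaluated here.
        return PARSER.parseExpression(expression).getValue(ctx, String.class);
    }

    /** Hardened pattern: read-only data-binding context plus an allow-list on the result. */
    static String resolveSafe(String expression, Map<String, Object> variables) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        variables.forEach(ctx::setVariable);
        String key;
        try {
            key = PARSER.parseExpression(expression).getValue(ctx, String.class);
        } catch (ExpressionException e) {
            // Type references, constructors, bean references, method invocation and
            // assignment are all rejected by the restricted context; so is malformed syntax.
            throw new IllegalArgumentException("rejected datasource expression: " + expression, e);
        }
        // Second layer: even a benign expression must resolve to a configured datasource.
        if (key == null || !CONFIGURED.contains(key)) {
            throw new IllegalArgumentException("unknown datasource key: " + key);
        }
        return key;
    }

    public static void main(String[] args) {
        // Constructed sample: the value a request handler might expose to the expression.
        Map<String, Object> vars = Map.of("tenant", "tenantA");

        // Intended use: both resolvers turn the variable into a configured key.
        System.out.println(resolveUnsafe("'ds_' + #tenant", vars));
        System.out.println(resolveSafe("'ds_' + #tenant", vars));

        // Attacker-shaped expression: a harmless probe that reads a system property
        // through a type reference. Under StandardEvaluationContext it evaluates,
        // which proves the injection path is live.
        String probe = "T(java.lang.System).getProperty('java.version')";
        System.out.println(resolveUnsafe(probe, vars));

        // Under the restricted context the type reference is refused before any
        // method is invoked, and the caller sees an IllegalArgumentException.
        try {
            resolveSafe(probe, vars);
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The probe only reads java.version, which is enough to prove the T(...) path is reachable without executing anything harmful. SimpleEvaluationContext still resolves #variables and string concatenation, so a key of the form 'ds_' + #tenant keeps working; the allow-list is the second layer for the case where the expression is benign but the variable value is not.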

Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-6rmm-pg23-5f8q
Title: Dynamic-Datasource has an Injection vulnerability
History

Mon, 27 Apr 2026 21:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Apr 2026 20:15:00 +0000

Type: First Time appeared
Values Added: Baomidou; Baomidou dynamic-datasource

Type: Vendors & Products
Values Added: Baomidou; Baomidou dynamic-datasource

Sun, 26 Apr 2026 14:00:00 +0000

Type: Description
Values Added: A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. The attack may be initiated remotely. Patch name: 273fcedaee984c08197c0890f14190b86ab7e0b8. It is recommended to apply a patch to fix this issue.

Type: Title
Values Added: baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection

Type: Weaknesses
Values Added: CWE-707; CWE-74

Type: References

Type: Metrics (cvssV2_0)
Values Added: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C'}

Type: Metrics (cvssV3_0)
Values Added: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

Type: Metrics (cvssV3_1)
Values Added: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

Type: Metrics (cvssV4_0)
Values Added: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T20:11:33.625Z

Reserved: 2026-04-25T16:10:12.081Z

Link: CVE-2026-7045

Vulnrichment

Updated: 2026-04-27T20:11:27.571Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:32.233

Modified: 2026-04-27T18:50:06.087

Link: CVE-2026-7045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses