8 matches found

RedhatCVE
added 2026/03/26 2:57 p.m., 3 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVSS 8.6, AI score 5.9, EPSS 0.00521
Exploits: 0, References: 1

EUVD
added 2026/03/18 9:30 a.m., 2 views

EUVD-2026-12795

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVSS 8.6, AI score 5.9, EPSS 0.00521
Exploits: 0, References: 2

OSV
added 2026/03/18 9:30 a.m., 3 views

GHSA-RP9G-QX29-88CP JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

CVSS 8.6, AI score 6, EPSS 0.00521
Exploits: 0, References: 5

CVE
added 2026/03/18 7:39 a.m., 31 views

CVE-2026-22729

Spring AI’s AbstractFilterExpressionConverter is vulnerable to a JSONPath injection, where user-controlled input in FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping. This can allow authenticated users to bypass metadata-based access controls and access unautho...

CVSS 8.6, AI score 5.9, EPSS 0.00521
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/18 7:36 a.m., 3 views

CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

CVSS 8.8, AI score 6.1, EPSS 0.00522
Exploits: 1, References: 1

CVE
added 2026/03/18 7:36 a.m., 45 views

CVE-2026-22730

CVE-2026-22730 describes a critical SQL injection vulnerability in Spring AI’s MariaDBFilterExpressionConverter, enabling bypass of metadata-based access controls and arbitrary SQL execution. Technical details across connected sources indicate the issue stems from missing input sanitization when ...

CVSS 8.8, AI score 6.1, EPSS 0.00522
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2026/03/18 12:0 a.m., 4 views

VMware Spring AI Security Vulnerability

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability; this vulnerability stems from the lack of input cleaning in the...

CVSS 8.8, AI score 6.1, EPSS 0.00522
Exploits: 1, References: 1

Snyk
added 2026/03/17 12:0 a.m., 2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

CVSS 8.6, AI score 6, EPSS 0.00521
Exploits: 0, References: 2