Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.5 views

CVE-2026-22743

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 7:18 a.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...

8.7CVSS5.9AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 6:31 a.m.6 views

GHSA-7CJ7-RCW6-P68V Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References6
CVE
CVE
added 2026/03/27 5:33 a.m.43 views

CVE-2026-22743

CVE-2026-22743 affects Spring AI’s spring-ai-neo4j-store, specifically the Cypher injection in the Neo4jVectorFilterExpressionConverter. A user-controlled string used as a filter expression key is embedded into a backtick-delimited Cypher property accessor (node.metadata.) after stripping only do...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 5:33 a.m.3 views

CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

7.5CVSS6.6AI score0.0025EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28326

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 Spring AI versions 1.1.0 through 1.1.3 Description The software contains a Cypher injection issue within the Neo4jVectorFilterExpressionConverter component. When a user-controlled string is used as a filt...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References9
Rows per page
Query Builder