Lucene search
K

38 matches found

Spring Security Advisories
Spring Security Advisories
added 2022/07/26 7:0 a.m.49 views

This Week in Spring - July 26th, 2022

Aloha, Spring fans! Im on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that youre having a wonderful day! My family and I love Hawaii. Its brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2022/06/30 6:35 p.m.48 views

CVE-2022-22980

A flaw was found in the Spring Data MongoDB. This flaw allows an attacker to perform code injection when an application uses some annotations/query methods with Spring Expression Language SpEL expressions...

9.8CVSS3.6AI score0.16903EPSS
Exploits3References3
vulnersOsv
vulnersOsv
added 2022/06/24 12:0 a.m.5 views

ai.platon.commons:distributed-lock-example (>=1.4.2 <=1.4.3), ai.platon.commons:distributed-lock-mongo (>=1.4.2 <=1.4.3) +1242 more potentially affected by CVE-2022-22980 via org.springframework.data:spring-data-mongodb (>=1.0.0.RELEASE <=3.3.4)

org.springframework.data:spring-data-mongodb MAVEN version =1.0.0.RELEASE, =1.4.2, =1.4.2, =1.6.6, =1.6.6, =0.0.1, =0.0.1, =0.9.1, =0.1.0, =0.1.0, =3.0.0.RELEASE, =1.1.13, =2.0.2 and more Source cves: CVE-2022-22980 Source advisory: OSV:GHSA-W24X-87MR-4R23...

9.8CVSS7.1AI score0.16903EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/06/24 12:0 a.m.7 views

cn.airfei.air-core:core (=3.0.0), com.alpactech:mt-mongo (=1.0.0) +40 more potentially affected by CVE-2022-22980 via org.springframework.data:spring-data-mongodb (=3.4.0)

org.springframework.data:spring-data-mongodb MAVEN version =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.data:spring-data-mongodb and may be impacted: - cn.airfei.air-core:core =3.0.0 - com.alpactech:mt-mongo =1.0.0 -...

9.8CVSS7.1AI score0.16903EPSS
Exploits3
OSV
OSV
added 2022/06/24 12:0 a.m.2 views

GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9CVSS7.1AI score0.16903EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.43 views

SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS3.9AI score0.16903EPSS
Exploits3References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.7 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS7.2AI score0.16903EPSS
Exploits3References2
NVD
NVD
added 2022/06/23 5:15 p.m.27 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS0.16903EPSS
Exploits3References1
Prion
Prion
added 2022/06/23 5:15 p.m.25 views

Sql injection

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

6.8CVSS9.5AI score0.16903EPSS
Exploits3References1Affected Software1
Wallarm Lab
Wallarm Lab
added 2022/06/23 7:14 a.m.76 views

Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Background On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022...

6.8CVSS0.4AI score0.16903EPSS
Exploits3
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.7 views

Spring Data MongoDB 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Data MongoDB that stems from vulnerability to SpEL injection when using @Query or...

9.8CVSS8AI score0.16903EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2022/06/23 12:0 a.m.9 views

The vulnerability of software for unifying and simplifying access to Spring Data MongoDB databases, related to errors in processing SpEL expressions, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for unifying and simplifying access to Spring Data MongoDB databases is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SpEL query...

10CVSS7.9AI score0.16903EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2022/06/22 1:56 p.m.40 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8CVSS6.9AI score0.16903EPSS
Exploits3References3
Cvelist
Cvelist
added 2022/06/22 1:56 p.m.38 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8AI score0.16903EPSS
Exploits3References1
CVE
CVE
added 2022/06/22 1:56 p.m.783 views

CVE-2022-22980

CVE-2022-22980 is a SpEL injection flaw in Spring Data MongoDB where @Query/@Aggregation queries containing parameter placeholders can be exploited if input isn’t sanitized. Public advisories (VMware/Spring/TENABLE, IBM, Red Hat, OSV) confirm remote code execution risk and provide fixes: upgrade ...

9.8CVSS9.4AI score0.16903EPSS
Exploits3References1Affected Software1
Veracode
Veracode
added 2022/06/21 2:43 a.m.71 views

SpEL Injection Attacks

spring-data-mongodb is vulnerable to Spring Expression Language SpEL injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...

9.8CVSS9.2AI score0.16903EPSS
Exploits3References5Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2022/06/20 12:39 p.m.146 views

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Updates 06-20 CVE-2022-22980 is published 06-20 Spring Data MongoDB 3.4.1 and 3.3.5 are available Table of Contents Overview Vulnerability Am I Impacted Status Suggested Workarounds Overview We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the followi...

6.8CVSS1.1AI score0.16903EPSS
Exploits3
Spring Security Advisories
Spring Security Advisories
added 2022/06/20 12:0 a.m.8 views

Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. Specifically, an application is vulnerable when all of the...

9CVSS7.2AI score0.16903EPSS
Exploits3References1
Rows per page
Query Builder