CVE-2022-22980

State: PUBLISHED · Published: 2022-06-22 · Updated: 2024-08-03 · Assigner: vmware

Description

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

CWE

(none)

Affected

n/a / Spring Data MongoDB — v=3.4.0, 3.3.0 to 3.3.4 and Older [affected]

CVSS

(none)

References

https://tanzu.vmware.com/security/cve-2022-22980 x_refsource_MISC

Source

cvelistV5-main/cves/2022/22xxx/CVE-2022-22980.json