Critical severity · NVD Advisory · Published Jun 22, 2022 · Updated Aug 3, 2024
CVE-2022-22980
Description
A Spring Data MongoDB application is vulnerable to SpEL injection when it uses @Query- or @Aggregation-annotated query methods whose SpEL expressions contain query parameter placeholders for value binding, if the input is not sanitized.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.data:spring-data-mongodb (Maven) | >= 3.4.0, < 3.4.1 | 3.4.1 |
| org.springframework.data:spring-data-mongodb (Maven) | < 3.3.5 | 3.3.5 |
Affected products
- Spring/Spring Data MongoDB
References
- github.com/advisories/GHSA-w24x-87mr-4r23 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-22980 (advisory)
- tanzu.vmware.com/security/cve-2022-22980 (web)