spring-data-mongodb is vulnerable to Spring Expression Language (SpEL) injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query
or @Aggregation
and use parametrized SpEL statements.
github.com/spring-projects/spring-data-mongodb/commit/5e241c6ea55939c9587fad5058a07d7b3f0ccbd3
github.com/spring-projects/spring-data-mongodb/commit/7c5ac764b343d45e5d0abbaba4e82395b471b4c4
github.com/spring-projects/spring-data-mongodb/issues/4089
spring.io/blog/2022/06/20/spring-data-mongodb-spel-expression-injection-vulnerability-cve-2022-22980#vulnerability
tanzu.vmware.com/security/cve-2022-22980