Description
A Spring Data MongoDB application is vulnerable to SpEL injection when it uses @Query- or @Aggregation-annotated query methods whose SpEL expressions contain query parameter placeholders for value binding, and the input bound to those placeholders is not sanitized.
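To find affected declarations in a code base, the following added example (not part of the original advisory and not Spring Data code) is a heuristic Python scanner that flags @Query and @Aggregation annotations whose SpEL blocks embed a positional placeholder such as ?0. It assumes SpEL blocks are delimited as ?#{...} or :#{...}; the repository methods in the sample are constructed for illustration.

```python
import re

ANNOTATION = re.compile(r'@(Query|Aggregation)\s*\(')
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')  # Java string literal
SPEL_OPEN = re.compile(r'[?:]#\{')                   # ?#{ ... } or :#{ ... }
PLACEHOLDER = re.compile(r'\?\d+')                   # ?0, ?1, ...

def annotation_args(src, start):
    """Text between the annotation's parentheses; src[start] follows '('."""
    depth, i, in_str = 1, start, False
    while i < len(src) and depth:
        ch = src[i]
        if in_str and ch == '\\':
            i += 1                              # skip the escaped character
        elif ch == '"':
            in_str = not in_str
        elif not in_str and ch in '()':
            depth += 1 if ch == '(' else -1
        i += 1
    return src[start:i - 1] if depth == 0 else src[start:i]

def spel_expressions(query):  # yields each SpEL body, honouring nested braces
    pos = 0
    while (m := SPEL_OPEN.search(query, pos)):
        depth, i = 1, m.end()
        while i < len(query) and depth:
            depth += {'{': 1, '}': -1}.get(query[i], 0)
            i += 1
        yield query[m.end():i - 1] if depth == 0 else query[m.end():i]
        pos = i

def find_risky_queries(java_source):
    """(line, annotation, expression) for each SpEL block embedding ?N."""
    findings = []
    for ann in ANNOTATION.finditer(java_source):
        line = java_source.count('\n', 0, ann.start()) + 1
        literals = STRING_LITERAL.findall(annotation_args(java_source, ann.end()))
        for expr in spel_expressions(''.join(literals)):  # joins "a" + "b" pieces
            if PLACEHOLDER.search(expr):
                findings.append((line, ann.group(1), expr.strip()))
    return findings

CONSTRUCTED_SAMPLE = '''
@Query("{ 'lastname' : ?#{?0} }") List<Person> byLastname(String lastname);
@Query("{ 'lastname' : ?0 }") List<Person> byLastnamePlain(String lastname);
@Aggregation(pipeline = { "{ $match : { 'age' : { $gt : :#{ ?0 + 1 } } } }",
                          "{ $limit : 10 }" }) List<Person> olderThan(int min);
@Query("{ 'lastname' : ?#{[0]} }") List<Person> byLastnameRef(String lastname);
'''
print(find_risky_queries(CONSTRUCTED_SAMPLE))
```

The scanner works on source text only, so a query string assembled from constants defined elsewhere will be missed; treat a clean result as a starting point for review.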
Remediation
References
https://tanzu.vmware.com/security/cve-2022-22980
Related Vulnerabilities
CVE-2022-34185 Vulnerability in maven package me.leejay.jenkins:date-parameter
CVE-2019-17513 Vulnerability in maven package io.ratpack:ratpack-core
CVE-2018-10899 Vulnerability in maven package org.jolokia:jolokia-core
CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search