Description
A Spring Data MongoDB application is vulnerable to SpEL injection when it uses @Query- or @Aggregation-annotated query methods whose SpEL expressions contain query parameter placeholders for value binding, and the input bound to those placeholders is not sanitized.
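To audit a code base for the pattern described above, the following added example (not code from the advisory or from the Spring project) scans Java source for @Query/@Aggregation annotations whose SpEL expressions embed a value-binding placeholder. It assumes Spring Data's standard syntax: ?0, ?1, ... for placeholders and ?#{...} or :#{...} for SpEL expressions. The repository methods in SAMPLE are constructed, and the match is a heuristic that can also flag a SpEL ternary such as x?0:1.

```python
import re

ANNOTATION = re.compile(r"@(Query|Aggregation)\s*\(")
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|[()]')   # Java string literal or a parenthesis
SPEL_START = re.compile(r"[?:]#\{")                # ?#{ or :#{ opens a SpEL expression
PLACEHOLDER = re.compile(r"\?\d+")                 # ?0, ?1, ... value-binding placeholder

def annotation_strings(source, start):
    """Join the string literals up to the annotation's closing parenthesis."""
    depth, parts = 1, []
    for tok in TOKEN.finditer(source, start):
        if tok.group(1) is not None:
            parts.append(tok.group(1))
        else:
            depth += 1 if tok.group() == "(" else -1
            if depth == 0:
                break
    return "".join(parts)

def spel_blocks(query):
    """Yield the body of each SpEL expression, honouring nested braces."""
    for m in SPEL_START.finditer(query):
        depth, i = 1, m.end()
        while i < len(query) and depth:
            depth += {"{": 1, "}": -1}.get(query[i], 0)
            i += 1
        yield query[m.end():i - 1 if depth == 0 else i]

def find_risky_queries(source):
    """Return (line, annotation, expression) for SpEL bodies that embed ?N."""
    hits = []
    for m in ANNOTATION.finditer(source):
        for body in spel_blocks(annotation_strings(source, m.end())):
            if PLACEHOLDER.search(body):
                hits.append((source.count("\n", 0, m.start()) + 1, m.group(1), body))
    return hits

# Constructed sample: hypothetical repository methods, not taken from any real project.
SAMPLE = '''@Query("{ 'name' : ?#{?0} }")
List<Person> byNameExpr(String name);
@Query("{ 'name' : ?#{[0]} }")
List<Person> byNameIndexed(String name);
@Query("{ 'name' : ?0 }")
List<Person> byNamePlain(String name);
@Aggregation(pipeline = { "{ $match : { 'city' : :#{?0.toUpperCase()} } }" })
List<Person> byCity(String city);
'''
```

Only the first and last declarations in SAMPLE are reported: an expression that refers to an argument by index ([0]) and a query that uses ?0 outside any expression contain no placeholder inside SpEL.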
Remediation
References
https://tanzu.vmware.com/security/cve-2022-22980
Related Vulnerabilities
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.13
CVE-2022-23302 Vulnerability in maven package log4j:log4j
CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-client-registration-api