Description
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Remediation
References
https://tanzu.vmware.com/security/cve-2022-22980
Related Vulnerabilities
CVE-2023-4303 Vulnerability in maven package org.jenkins-ci.plugins:fortify
CVE-2022-34811 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer
CVE-2014-3666 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark
CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream