A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
| CVE Infomation | Exploits or more Infomation |
|---|---|
| mitre | EXPLOIT DATABASE |
| NVD | 0day.today |
| vulmon.com | github |
| CVE Details | |
| JVN ENG JPN | |
| Reconshell |
Software Tag:
List of frequently cited URLs
| User | URL | Info Source | Date |
|---|---|---|---|
| buaqbot | https://ift.tt/Q0lfZKE | Source buaqbot 1589471885917671424 | 2022/11/07 |
| buaqbot | https://ift.tt/WDa6vBw | Source buaqbot 1589471885917671424 | 2022/11/07 |
List of frequently cited URLs
| URL | Num of Times Referred to |
|---|---|
| cvetrends.com | 60 |
| twinybots.ch | 16 |
| github.com | 11 |
| tanzu.vmware.com | 6 |
| securityboulevard.com | 4 |
| twitter.com | 3 |
| infosecwriteups.com | 3 |
| User | URL | Info Source |
|---|---|---|
| buaqbot | ift.tt | Show Tweet |
| buaqbot | ift.tt | Show Tweet |
| Name | URL |
|---|---|
| trganda/CVE-2022-22980 | https://github.com/trganda/CVE-2022-22980 |
| kuron3k0/Spring-Data-Mongodb-Example | https://github.com/kuron3k0/Spring-Data-Mongodb-Example |
| jweny/cve-2022-22980-exp | https://github.com/jweny/cve-2022-22980-exp |
| W01fh4cker/Serein | https://github.com/W01fh4cker/Serein |
| li8u99/Spring-Data-Mongodb-Demo | https://github.com/li8u99/Spring-Data-Mongodb-Demo |
| Name | URL |
|---|---|
| trganda/CVE-2022-22980 | github.com |
| kuron3k0/Spring-Data-Mongodb-Example | github.com |
| jweny/cve-2022-22980-exp | github.com |
| W01fh4cker/Serein | github.com |
| li8u99/Spring-Data-Mongodb-Demo | github.com |