SpEL Injection Vulnerability in Spring Data MongoDB Application
CVE-2022-22980 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Learn more about our Cis Benchmark Audit For Bind.