SpEL Injection Vulnerability in Spring Data MongoDB Application

SpEL Injection Vulnerability in Spring Data MongoDB Application

CVE-2022-22980 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

Learn more about our Cis Benchmark Audit For Bind.