SonicALERT

Sonicwall Signatures

 



  Spring Data MongoDB SpEL Expression Injection 3

Category: WEB-ATTACKS      

A Spring Data MongoDB application is vulnerable to SpEL injection when it uses @Query- or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding, if the input is not sanitized. Affected Spring Data MongoDB versions are 3.4.0, 3.3.0 to 3.3.4, and older unsupported versions.

References
http://en.wikipedia.org/wiki/Arbitrary_code_execution

