
VMware Spring Data MongoDB vulnerabilities

3 known vulnerabilities affecting vmware/spring_data_mongodb.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2022-22980 | P2 | CRITICAL | CVSS 9.8 | ≤ 3.3.4, v3.4.0, +1 more | 2022-06-23
CVE-2022-22980 [CRITICAL] CWE-917: A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
nvd
CVE-2026-41717 | P3 | HIGH | CVSS 8.1 | ≥ 3.4.0, ≤ 3.4.19; ≥ 4.0.0, ≤ 4.0.15; +6 more | 2026-06-10
CVE-2026-41717 [HIGH] CWE-917: Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.
nvd
CVE-2026-41696 | P3 | MEDIUM | CVSS 5.9 | ≥ 3.4.0, ≤ 3.4.19; ≥ 4.0.0, ≤ 4.0.15; +6 more | 2026-06-10
CVE-2026-41696 [MEDIUM] CWE-943: Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.
nvd