PT-2022-3045 · Spring · Spring Data Mongodb

Zewei Zhang · Published 2022-06-21 · Updated 2022-06-30 · CVE-2022-22980

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Spring Data MongoDB (affected versions not specified)

Description: The issue stems from errors in the processing of SpEL expressions. A remote attacker can exploit it to execute arbitrary code by sending a specially crafted request whose input is evaluated as a SpEL expression. This occurs when @Query- or @Aggregation-annotated query methods use SpEL expressions that contain query parameter placeholders for value binding and the bound input is not sanitized.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
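The query-method pattern the description refers to, placed beside a form that binds the same argument as a plain value, as an added illustration that is not part of this advisory or of Spring Data's own code; the repository, document type and field names are hypothetical.

```java
// Added example, not taken from the advisory or from the Spring Data project.
// Shows the affected binding style and a safer equivalent for the same lookup.
import java.util.List;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.repository.MongoRepository;
import org.springframework.data.mongodb.repository.Query;

// Hypothetical document type used only to make the repository compile.
@Document
class Account {
    @Id
    String id;
    String owner;
}

public interface AccountRepository extends MongoRepository<Account, String> {

    // Affected pattern: ?#{...} is a SpEL placeholder. The method argument is
    // handed to the SpEL evaluator as part of the expression, so a caller who
    // controls the string influences what is evaluated, not merely what is matched.
    // Only safe when the argument is validated against a strict allow-list first.
    @Query("{ 'owner': ?#{[0]} }")
    List<Account> findByOwnerSpel(String owner);

    // Safer equivalent: a positional placeholder binds the argument as a BSON
    // value only; it is never parsed or evaluated as an expression.
    @Query("{ 'owner': ?0 }")
    List<Account> findByOwnerBound(String owner);

    // Equivalent derived query with no hand-written expression at all.
    List<Account> findByOwner(String owner);
}
```

When reviewing a code base for this issue, search repository interfaces for `?#{` inside @Query and @Aggregation strings and confirm where each bound argument originates.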

Exploit


Weakness Enumeration

Related Identifiers

BDU:2022-03714
CVE-2022-22980
GHSA-W24X-87MR-4R23

Affected Products

Spring Data Mongodb