org.springframework.ai:spring-ai-advisors-vector-store@1.1.1

  • latest version

    1.1.6

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    13 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.springframework.ai:spring-ai-advisors-vector-store package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • Severity: High
    Prompt Injection

    org.springframework.ai:spring-ai-advisors-vector-store provides chat client advisors for Spring AI.

    Affected versions of this package are vulnerable to Prompt Injection via conversation memory handling in the affected advisor. An attacker can inject crafted input in conversation memory that is later interpreted by the model as trusted context, allowing manipulation of model behavior across conversations.

    How to fix Prompt Injection?

    Upgrade org.springframework.ai:spring-ai-advisors-vector-store to version 1.0.7, 1.1.6 or higher.

    Vulnerable versions: [,1.0.7), [1.1.0-M1,1.1.6)
    • Severity: High
    Improper Neutralization of Special Elements in Data Query Logic

    org.springframework.ai:spring-ai-advisors-vector-store provides chat client advisors for Spring AI.

    Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker can bypass conversation isolation and exfiltrate sensitive data from other users’ chat histories by injecting crafted filter logic through a user-controlled conversationId, allowing access to secrets and credentials.

    How to fix Improper Neutralization of Special Elements in Data Query Logic?

    Upgrade org.springframework.ai:spring-ai-advisors-vector-store to version 1.0.6, 1.1.5 or higher.

    Vulnerable versions: [,1.0.6), [1.1.0-M1,1.1.5)