Improper Neutralization of Special Elements in Data Query Logic
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting (e.g. @Query("{ name : /^\\Q?0\\E$/ }")). The ParameterBindingJsonReader performs insufficient neutralization of the bound parameter value when it is substituted into the regex literal. Because escaping was applied via replaceAll (which interprets regex metacharacters in both the pattern and the replacement), a bound value containing a \E sequence (or other regex-significant characters) can terminate the intended \Q literal-quoting context and break out into attacker-controlled regular expression syntax. This lets an attacker inject regex constructs into the query filter, manipulating the matching logic to bypass the intended filter or match documents outside the intended scope, which can lead to unauthorized data exposure.
Note:
This is only exploitable if the application exposes a repository query method whose @Query binds an untrusted parameter inside a regex literal.
How to fix Improper Neutralization of Special Elements in Data Query Logic? Upgrade org.springframework.data:spring-data-mongodb to version 4.5.12, 5.0.6 or higher.
Affected versions: [,4.5.12), [5.0.0-M1,5.0.6)
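As an added illustration (not Spring Data's own code), the failure mode described above in plain java.util.regex: the same ^\Q?0\E$ literal built by naive string concatenation versus with Pattern.quote, which splits the value at every embedded \E so it stays literal. Class and method names are hypothetical.

```java
import java.util.regex.Pattern;

// Hypothetical demo class; names are not Spring Data's.
public class RegexBindingDemo {

    // Naive binding: drop the raw value straight between \Q and \E. A value
    // that itself contains the two characters \E ends the quoted region early,
    // and whatever follows is parsed as regex syntax (a stray \E with nothing
    // after it instead fails to compile with PatternSyntaxException).
    static Pattern bindNaively(String value) {
        return Pattern.compile("^\\Q" + value + "\\E$");
    }

    // Hardened binding: Pattern.quote() splits the value at every embedded \E,
    // emits that \E as an escaped literal, and re-opens \Q, so the whole value
    // is matched literally whatever it contains.
    static Pattern bindQuoted(String value) {
        return Pattern.compile("^" + Pattern.quote(value) + "$");
    }

    // Regression check for a binding helper: the bound value must match
    // itself and none of the other sample documents.
    static boolean matchesOnlyItself(Pattern p, String value, String[] others) {
        if (!p.matcher(value).matches()) {
            return false;
        }
        for (String other : others) {
            if (p.matcher(other).matches()) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample "name" values standing in for stored documents.
        String[] others = {"alice", "bob", "a.c"};
        // Constructed bound value containing an embedded \E, the case the advisory describes.
        String value = "\\E.*\\Q";

        Pattern naive = bindNaively(value);
        Pattern quoted = bindQuoted(value);
        System.out.println("naive  pattern: " + naive.pattern()
                + " -> matches only itself? " + matchesOnlyItself(naive, value, others));
        System.out.println("quoted pattern: " + quoted.pattern()
                + " -> matches only itself? " + matchesOnlyItself(quoted, value, others));
    }
}
```

If the placeholder is substituted with String.replaceAll rather than concatenation, the quoted value must additionally pass through Matcher.quoteReplacement, because $ and \ are interpreted in the replacement string.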
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via parameter binding when a repository query method is annotated with @Query and uses a capture-all placeholder. An attacker can execute arbitrary SpEL expressions by supplying crafted input to the annotated query parameter.
How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')? Upgrade org.springframework.data:spring-data-mongodb to version 4.5.12, 5.0.6 or higher.
Affected versions: [,4.5.12), [5.0.0-M1,5.0.6)
SpEL Expression injection
Affected versions of this package are vulnerable to SpEL Expression injection when using @Query or @Aggregation-annotated query methods with SpEL expressions. Exploiting this vulnerability is possible if the query parameter placeholders contain unsanitized value binding.
Notes:
Applications are not affected if one of the following is true:
The annotated repository query or aggregation method does not contain expressions
The annotated repository query or aggregation method does not use the parameter placeholder syntax within the expression
The user-supplied input is sanitized by the application
The repository is configured to use a QueryMethodEvaluationContextProvider that limits SpEL usage
How to fix SpEL Expression injection? Upgrade org.springframework.data:spring-data-mongodb to version 3.3.5, 3.4.1 or higher.