Vulnmachines/Spring_cve-2022-22980

spring data mongodb remote code execution | cve-2022-22980 poc

Spring_cve-2022-22980

spring data mongodb remote code execution | cve-2022-22980 poc

Description

A Spring Data MongoDB application is vulnerable to #SpEL #injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

Video POC

Follow us for latest exploit POC

YouTube

Twitter

Facebook

LinkedIn