Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980) POC

2022-6-23 17:33:28 Author: wiki.ioin.in Views: 67

A local PoC for CVE-2022-22980. For details of this vulnerability, see https://tanzu.vmware.com/security/cve-2022-22980.

You need to install MongoDB on localhost before running.

And I've created a web-based PoC with Docker on dockerv

Run

mvn spring-boot:run

or open the project in IDEA and launch AccessingDataMongodbApplication


From: https://wiki.ioin.in/url/8nav