Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980) POC

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980) POC
2022-6-23 17:33:28 Author: wiki.ioin.in(查看原文) 阅读量:117 收藏

1 branch 0 tags

Code

Latest commit

trganda Update README.md

5646ee7

Jun 23, 2022

Update README.md

5646ee7

Git stats

6 commits

Files

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.mvn/wrapper

init

Jun 21, 2022

src/main/java/com/example/accessingdatamongodb

Jun 23, 2022

Jun 21, 2022

Jun 21, 2022

Jun 23, 2022

Jun 21, 2022

Jun 21, 2022

Jun 21, 2022

Jun 21, 2022

README.md

A local based poc of CVE-2022-22980, for the detail of this vulnerability see https://tanzu.vmware.com/security/cve-2022-22980.

You need to install mongodb on locahost before running.

And I've create a web based poc with docker on dockerv

Run

mvn spring-boot:run

or open with IDEA, and launch the AccessingDataMongodbApplication

文章来源: https://wiki.ioin.in/url/8nav
如有侵权请联系:admin#unsafe.sh