- [06-20] CVE-2022-22980 is published
- [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available
We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:
- CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods
This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security in the upcoming days.