Description
A SpEL injection vulnerability exists in Spring Data KeyValue when unsanitized user input is passed as a Sort into a repository query method: the property names carried by the Sort are evaluated as SpEL expressions by SpelPropertyComparator, so an attacker who controls a sort property controls the expression. Spring Data Redis repositories are built on Spring Data KeyValue and are affected in the same way. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.
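The pattern the advisory describes, as an added example that is not code from the advisory or from the Spring Data project: a controller that forwards a client-supplied sort property straight into Sort.by(), beside a hardened version that only accepts property names from a fixed allow-list. The Person entity, PersonRepository, the endpoint paths and the allow-list contents are assumptions for illustration. Upgrading to a fixed version is the actual remediation; the allow-list is the input validation a practitioner should apply regardless, since a user-controlled sort property is exactly the input the advisory warns about.

```java
// Added example, not from the advisory or Spring Data. Entity, repository and
// controller names are assumed for illustration.
import java.util.List;
import java.util.Set;

import org.springframework.data.annotation.Id;
import org.springframework.data.domain.Sort;
import org.springframework.data.keyvalue.annotation.KeySpace;
import org.springframework.data.keyvalue.repository.KeyValueRepository;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Assumed entity stored in the key-value keyspace "people".
@KeySpace("people")
class Person {
    @Id String id;
    String lastName;
    int age;
    // getters/setters omitted for brevity
}

// Assumed repository; the derived query takes a caller-supplied Sort, which the
// key-value query engine applies through SpelPropertyComparator.
interface PersonRepository extends KeyValueRepository<Person, String> {
    List<Person> findByAgeGreaterThan(int age, Sort sort);
}

@RestController
class PersonController {

    // Assumed allow-list: the only properties a client may sort by.
    private static final Set<String> SORTABLE = Set.of("lastName", "age");

    private final PersonRepository people;

    PersonController(PersonRepository people) {
        this.people = people;
    }

    // Vulnerable shape: the raw request parameter becomes the Sort property name,
    // so the client decides what SpelPropertyComparator evaluates.
    @GetMapping("/people/unsafe")
    List<Person> unsafe(@RequestParam String sort) {
        return people.findByAgeGreaterThan(18, Sort.by(sort));
    }

    // Hardened shape: reject anything that is not a known property name before it
    // reaches Sort, and parse the direction with Spring's own parser rather than
    // concatenating user text.
    @GetMapping("/people")
    List<Person> safe(@RequestParam(defaultValue = "lastName") String sort,
                      @RequestParam(defaultValue = "asc") String dir) {
        if (!SORTABLE.contains(sort)) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
                    "unsupported sort property");
        }
        Sort.Direction direction = Sort.Direction.fromOptionalString(dir)
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST,
                        "unsupported sort direction"));
        return people.findByAgeGreaterThan(18, Sort.by(direction, sort));
    }
}
```

The same check applies wherever a Sort or Pageable is built from request data, including Spring Data's web support that resolves a Pageable from query parameters: validate the resolved order properties against an allow-list before handing the object to a KeyValue or Redis repository method.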
Problem types
Product status
4.0.0 before 4.0.6
3.5.0 before 3.5.12
3.4.0 before 3.4.15
3.3.0 before 3.3.17
3.2.0 before 3.2.16
3.1.0 before 3.1.15
3.0.0 before 3.0.16
2.7.0 before 2.7.20
References
spring.io/security/cve-2026-41719