Spring Ai
Monthly
NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers to inject special characters into vector-store inputs and force execution of arbitrary queries against Elasticsearch, OpenSearch, and GemFire VectorDB backends. The flaw resides in the spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfire-store components, enabling information disclosure and limited integrity/availability impact against any application embedding Spring AI's vector-store abstraction. No public exploit identified at time of analysis, but the CVSS 8.6 (scope unchanged here, network vector, no privileges) makes this a high-priority patch for any Spring AI deployment ingesting untrusted text.
Path traversal in Spring AI 1.1.0-1.1.x allows authenticated remote attackers to write arbitrary files outside the intended target directory by exploiting unsanitized LLM-influenced filenames in the Anthropic Skills API file-write workflow. The root cause is Spring AI passing filenames derived from LLM output directly to Path.resolve() without input sanitization, enabling directory escape via traversal sequences. No public exploit identified at time of analysis and EPSS is very low (0.04%, 11th percentile), though the high integrity impact (CVSS I:H) makes unauthorized file writes to restricted directories a meaningful concern in production deployments.
NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers to inject special characters into vector-store inputs and force execution of arbitrary queries against Elasticsearch, OpenSearch, and GemFire VectorDB backends. The flaw resides in the spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfire-store components, enabling information disclosure and limited integrity/availability impact against any application embedding Spring AI's vector-store abstraction. No public exploit identified at time of analysis, but the CVSS 8.6 (scope unchanged here, network vector, no privileges) makes this a high-priority patch for any Spring AI deployment ingesting untrusted text.
Path traversal in Spring AI 1.1.0-1.1.x allows authenticated remote attackers to write arbitrary files outside the intended target directory by exploiting unsanitized LLM-influenced filenames in the Anthropic Skills API file-write workflow. The root cause is Spring AI passing filenames derived from LLM output directly to Path.resolve() without input sanitization, enabling directory escape via traversal sequences. No public exploit identified at time of analysis and EPSS is very low (0.04%, 11th percentile), though the high integrity impact (CVSS I:H) makes unauthorized file writes to restricted directories a meaningful concern in production deployments.