Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
Vulnerability Description
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
数据查询逻辑中特殊元素的不当中和
Vulnerability Title
Spring AI 输入验证错误漏洞
Vulnerability Description
Spring Spring AI是美国Spring公司的人工智能框架。 Spring AI存在输入验证错误漏洞,该漏洞源于特殊字符可被用于强制执行Elasticsearch、OpenSearch和GemFire VectorDB中的任意查询。
CVSS Information
N/A
Vulnerability Type
N/A