Overview
About vulnerability
SQL injection vulnerability in Spring AI’s CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs.
Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Details
SQL injection vulnerability in Spring AI’s CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs.
Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)