Overview
About vulnerability
Description
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB.
Affected Spring Products and Versions
Spring AI:
- 1.0.0 - 1.0.x
- 1.1.0 - 1.1.x
Affected components:
- spring-ai-elasticsearch-store
- spring-ai-opensearch-store
- spring-ai-gemfire-store
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 1.0.x | 1.0.9 | OSS |
| 1.1.x | 1.1.8 | OSS |
No further mitigation steps are necessary.
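To confirm whether a build resolves one of the affected components at an unfixed version, the following added example (not part of the advisory or of Spring's code) scans `mvn dependency:list` output against the table above. The sample input is constructed, and ignoring version qualifiers such as `-SNAPSHOT` is an assumption of this sketch.

```python
import re

# Affected artifacts and fix versions, taken from this advisory.
AFFECTED_ARTIFACTS = {
    "spring-ai-elasticsearch-store",
    "spring-ai-opensearch-store",
    "spring-ai-gemfire-store",
}
FIX_BY_LINE = {(1, 0): (1, 0, 9), (1, 1): (1, 1, 8)}


def parse_version(text):
    """Return (major, minor, patch) or None. Qualifiers are ignored (assumption)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def find_affected(dependency_list_output):
    """Scan `mvn dependency:list` output; return [(artifact, version, fix_version)]."""
    findings = []
    for line in dependency_list_output.splitlines():
        for token in line.split():
            # Maven coordinates: group:artifact:type[:classifier]:version:scope
            parts = token.split(":")
            if len(parts) < 5 or parts[1] not in AFFECTED_ARTIFACTS:
                continue
            version = parse_version(parts[-2])
            if version is None:
                continue
            fix = FIX_BY_LINE.get(version[:2])
            # Only the 1.0.x and 1.1.x lines are listed as affected.
            if fix is not None and version < fix:
                findings.append((parts[1], parts[-2], ".".join(map(str, fix))))
    return findings


# Constructed sample of `mvn dependency:list` output, not taken from a real project.
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-elasticsearch-store:jar:1.0.3:compile
[INFO]    org.springframework.ai:spring-ai-opensearch-store:jar:1.1.8:compile
[INFO]    org.springframework.ai:spring-ai-gemfire-store:jar:1.1.2:runtime -- module example
[INFO]    org.springframework.ai:spring-ai-pgvector-store:jar:1.0.3:compile
"""

if __name__ == "__main__":
    for artifact, version, fix in find_affected(SAMPLE):
        print(f"{artifact} {version} is affected; upgrade to {fix}")
```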
Credit
The issue was reported responsibly by Nitro Cao (@NitroCao) from Alibaba Cloud.