| Titel | baomidou dynamic-datasource 2.5.0+ SpEL Injection |
|---|
| Beschreibung | dynamic-datasource evaluates @DS values as SpEL expressions in DsSpelExpressionProcessor#doDetermineDatasource using StandardEvaluationContext and SpelExpressionParser without input restriction. When applications use patterns like @DS("#tenant") and bind tenant from untrusted request input, attacker-controlled expressions can be evaluated at runtime. This enables expression injection and can lead to remote code execution depending on runtime exposure and expression payload. |
|---|
| Quelle | ⚠️ https://github.com/baomidou/dynamic-datasource/issues/766 |
|---|
| Benutzer | Winegee (UID 96308) |
|---|
| Einreichung | 07.04.2026 09:39 (vor 20 Tagen) |
|---|
| Moderieren | 25.04.2026 18:10 (18 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 359624 [baomidou dynamic-datasource 2.5.0 StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|