提交 #798600: baomidou dynamic-datasource 2.5.0+ SpEL Injection信息

标题baomidou dynamic-datasource 2.5.0+ SpEL Injection
描述dynamic-datasource evaluates @DS values as SpEL expressions in DsSpelExpressionProcessor#doDetermineDatasource using StandardEvaluationContext and SpelExpressionParser without input restriction. When applications use patterns like @DS("#tenant") and bind tenant from untrusted request input, attacker-controlled expressions can be evaluated at runtime. This enables expression injection and can lead to remote code execution depending on runtime exposure and expression payload.
来源⚠️ https://github.com/baomidou/dynamic-datasource/issues/766
用户
 Winegee (UID 96308)
提交2026-04-07 09時39分 (20 日前)
管理2026-04-25 18時10分 (18 days later)
状态已接受
VulDB条目359624 [baomidou dynamic-datasource 2.5.0 StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource 权限提升]
积分20

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!