Spring AI JSONPath Injection Vulnerability in AbstractFilterExpressionConverter
Vulnerability
A JSONPath injection vulnerability exists in Spring AI's AbstractFilterExpressionConverter, allowing authenticated users to bypass metadata-based access controls by crafting specific filter expressions. This issue arises because user-controlled input is concatenated into JSONPath queries without proper escaping, enabling the injection of arbitrary JSONPath logic to access unauthorized documents. The vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. It occurs when special characters in user-supplied filter expression values are not escaped before being added to JSONPath queries, potentially altering the intended query semantics.
Impact
Exploitation of this vulnerability could lead to unauthorized access to documents by bypassing metadata-based access controls through injected JSONPath logic.
Remediation
Users of affected Spring AI versions 1.0.0 through 1.0.x and 1.1.0 through 1.1.x should upgrade to Spring AI 1.0.4 or 1.1.3, respectively.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.