Primary

Context

Spring AI Redis Store Unescaped TAG Filter Value Vulnerability in RediSearch

Vulnerability

A vulnerability exists in the `spring-ai-redis-store` component of Spring AI versions 1.0.0 prior to 1.0.5 and 1.1.0 prior to 1.1.4. The issue arises in the `RedisFilterExpressionConverter`, where user-controlled strings can be passed as filter values for TAG fields. The `stringValue()` method then inserts these values directly into the RediSearch TAG block without proper character escaping. This flaw could potentially be exploited to manipulate RediSearch queries by injecting unescaped data into TAG fields.

Impact

Exploitation of this vulnerability allows for injection of unescaped strings into RediSearch TAG fields, which could be used to manipulate query behavior or introduce unexpected results.

Remediation

Users should upgrade to Spring AI version 1.0.5 or 1.1.4, depending on their current version.

Added: Mar 27, 2026, 6:22 AM

Updated: Mar 27, 2026, 6:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Spring AI Redis Store Unescaped TAG Filter Value Vulnerability in RediSearch

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating