{"vulnerability": "CVE-2022-22980", "sightings": [{"uuid": "b1b42603-1e51-4661-8c8f-defd072504e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2557", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-22980 \u6f0f\u6d1e\u9776\u573a\uff08\u626b\u63cf\u5668\u53ef\u4f7f\u7528\uff09\nURL\uff1ahttps://github.com/jweny/CVE-2022-22980-web-env\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-22T08:08:28.000000Z"}, {"uuid": "8cb73ac3-781f-4ef7-8ae9-f88111103499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2555", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aSpring Data MongoDB SpEL\u8868\u8fbe\u5f0f\u6ce8\u5165\u6f0f\u6d1e(CVE-2022-22980) Demo\u73af\u5883\nURL\uff1ahttps://github.com/li8u99/Spring-Data-Mongodb-Demo\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-22T06:44:14.000000Z"}, {"uuid": "ab8090c3-a5d3-43d9-9df2-a0d33c5d0338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2558", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-22980 \u6f0f\u6d1e\u9776\u573a\uff08\u626b\u63cf\u5668\u53ef\u4f7f\u7528\uff09\nURL\uff1ahttps://github.com/jweny/cve-2022-22980-exp\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-22T08:22:58.000000Z"}, {"uuid": "f3549fa9-30f2-449c-80ab-3c96a555aab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2549", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-22980\u73af\u5883\nURL\uff1ahttps://github.com/kuron3k0/Spring-Data-Mongodb-Example\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-21T13:27:29.000000Z"}, {"uuid": "da47239c-c52b-4261-9563-1e66fcbd4d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2547", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoc of CVE-2022-22980\nURL\uff1ahttps://github.com/trganda/CVE-2022-22980\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-21T11:43:30.000000Z"}, {"uuid": "d74ed5ae-81f3-429c-b0a2-054674672537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/13", "content": "https://github.com/trganda/CVE-2022-22980", "creation_timestamp": "2022-06-29T07:55:23.000000Z"}, {"uuid": "99146f94-9b07-4200-b9cb-8c893825ecb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/arpsyndicate/614", "content": "#ExploitObserverAlert\n\nCVE-2022-22980\n\nDESCRIPTION: Exploit Observer has 27 entries related to CVE-2022-22980. A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.\n\nFIRST-EPSS: 0.010400000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-27T23:55:37.000000Z"}, {"uuid": "88073c89-2d87-433d-95d2-bae8d4755afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "Telegram/N9snSRs4VLMclgVPhD3yScYsymBJt9qk1pCmQHmorPkY8A", "content": "", "creation_timestamp": "2022-06-21T14:10:11.000000Z"}, {"uuid": "fbb94fe8-b5af-459b-96ce-0da5b3a747cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/cibsecurity/45025", "content": "\u203c CVE-2022-22980 \u203c\n\nA Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-23T20:39:48.000000Z"}, {"uuid": "1cc2d5f8-c6f1-4548-a4e5-64297db364f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "Telegram/EX6V4w5SpHpAfIZcExR4z1wZdtm4BIFDlin1KmbFoWap", "content": "", "creation_timestamp": "2022-06-22T22:24:39.000000Z"}, {"uuid": "3cc72d62-0793-4ebc-b58d-f8c09edbc5a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6291", "content": "#Threat_Research\n1. Analyzing CVE-2022-22980 to discover a real exploitable path in the source code review process with CodeQL\nhttps://infosecwriteups.com/analyzing-cve-2022-22980-to-discover-a-real-exploitable-path-in-the-source-code-review-process-with-145d97717656\n2. Commonly existing PLC Supply Chain Threats: Multiple critical vulnerabilities in Codesys Runtime (CVE-2022-31805, CVE-2022-31806, CVE-2022-32137)\nhttps://github.com/ic3sw0rd/Codesys_V2_Vulnerability", "creation_timestamp": "2022-06-29T02:51:42.000000Z"}, {"uuid": "34088506-0434-41da-b267-f041a1722f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22980", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6263", "content": "#exploit\n1. CVE-2021-30983:\nThe curious tale of a fake Carrier app\nhttps://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html\n\n2. CVE-2022-22980:\nSpring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods\nhttps://github.com/trganda/CVE-2022-22980", "creation_timestamp": "2022-06-24T12:31:59.000000Z"}]}