CVE-2026-47835
Spring · Spring AI Vector Stores
Spring AI Vector Stores are vulnerable to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire via special character injection.
Executive summary
A query injection vulnerability in Spring AI Vector Stores could allow low-privileged attackers to force the execution of arbitrary queries against backend vector databases.
Vulnerability
The vulnerability arises from improper sanitization of special characters within Spring AI Vector Stores. This allows an attacker with low-level access to inject characters that force the execution of unauthorized, arbitrary queries in connected Elasticsearch, OpenSearch, or GemFire VectorDB instances.
Business impact
With a CVSS score of 8.6, this vulnerability poses a severe risk to the confidentiality and integrity of vector database contents. An attacker could exfiltrate sensitive data stored within the vector space or potentially modify data, impacting the reliability of AI-driven applications and the underlying data sets.
Remediation
Immediate Action: Update Spring AI components to versions 1.0.9 or 1.1.8 as applicable to your environment.
Proactive Monitoring: Monitor the query logs of the affected vector databases (Elasticsearch, OpenSearch, GemFire) for unusual or unauthorized query patterns that deviate from standard application behavior.
Compensating Controls: Implement strict input validation and sanitization for any data passed to the Spring AI Vector Store interface to prevent special character injection.
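The compensating control above can be implemented as an allowlist gate that sits in front of whatever code builds the vector store search request. The following Java class is an example added to this advisory, not code from Spring AI or from the advisory itself. The permitted metadata keys, the value character class and length limit, and the `key == 'value'` text form of the filter expression are assumptions for illustration; because the advisory does not enumerate which special characters each backend treats as significant, the guard admits only a small safe character set rather than trying to escape a denylist.

```java
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Allowlist validator for metadata filter input before it reaches a
 * Spring AI VectorStore similarity search.
 * Example code added to this advisory; it is not part of Spring AI.
 * ALLOWED_KEYS and SAFE_VALUE are assumptions: adjust them to the
 * metadata your application actually filters on.
 */
public final class FilterInputGuard {

    /** Metadata keys the application is allowed to filter on (assumed set). */
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant", "category", "year");

    /**
     * Values may contain only letters, digits, underscore, hyphen and dot,
     * bounded in length. Quotes, brackets, braces, backslashes, whitespace
     * and operator characters never pass, so nothing that could alter the
     * structure of the backend query reaches the store.
     */
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    private FilterInputGuard() {}

    /** Returns the key unchanged if it is on the allowlist, otherwise rejects it. */
    public static String requireSafeKey(String key) {
        if (key == null || !ALLOWED_KEYS.contains(key)) {
            throw new IllegalArgumentException("filter key not permitted");
        }
        return key;
    }

    /** Returns the value unchanged if every character is on the allowlist, otherwise rejects it. */
    public static String requireSafeValue(String value) {
        if (value == null || !SAFE_VALUE.matcher(value).matches()) {
            throw new IllegalArgumentException("filter value contains characters outside the allowlist");
        }
        return value;
    }

    /**
     * Builds an equality filter in the text form key == 'value' from
     * validated parts. Validation happens before any string concatenation,
     * so an unsafe value never becomes part of the expression.
     */
    public static String equalsExpression(String key, String value) {
        return requireSafeKey(key) + " == '" + requireSafeValue(value) + "'";
    }

    /**
     * Detection helper for the monitoring recommendation: true when a filter
     * value recovered from a query log contains characters outside the
     * allowlist, which for this application should never happen and is
     * worth alerting on.
     */
    public static boolean looksSuspicious(String loggedValue) {
        return loggedValue == null || !SAFE_VALUE.matcher(loggedValue).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        System.out.println(equalsExpression("tenant", "acme-corp"));

        // Each of these carries a character that is not on the allowlist
        // (a quote, a brace, a backslash) and is rejected before use.
        String[] rejectedSamples = { "acme'corp", "cat}", "a\\b" };
        for (String s : rejectedSamples) {
            try {
                equalsExpression("tenant", s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s + " (" + e.getMessage() + ")");
            }
        }

        // The same character class doubles as a log-review check.
        System.out.println(looksSuspicious("acme-corp"));   // false
        System.out.println(looksSuspicious("acme'corp"));   // true
    }
}
```

The guard is deliberately independent of the backend: it does not try to know which characters Elasticsearch, OpenSearch or GemFire interpret specially, it simply refuses anything outside a character set that none of them can misread. It is a stopgap for the window before the 1.0.9 or 1.1.8 upgrade and a useful defence in depth afterwards; it does not replace the patch.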
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations integrating Spring AI with vector databases should treat this as a high-priority update. Upgrading to the provided patched versions is the most effective way to secure the query interface and prevent unauthorized access to the vector data store.