Vulnerabilities could affect “countless” enterprises and applications that use Spring, researchers say. The design flaws may eventually be found in other Java development environments as well. The first vulnerability allows an attacker to append queries or other data to user input in a database field. The second vulnerability would require more knowledge and effort on the attacker’s part, but is potentially more dangerous. The flaw, dubbed “ModelView Injection,” takes advantage of a design flaw in Spring, which doesn’t provide sufficient default safeguards in the link between the application “model” and the “view”
Source: https://www.darkreading.com/analytics/vulnerabilities-could-expose-broad-range-of-java-apps

