Dynamic-Datasource has an Injection vulnerability
Moderate severity
GitHub Reviewed
Published
Apr 27, 2026
to the GitHub Advisory Database
•
Updated May 5, 2026
Package
Affected versions
<= 4.5.0
Patched versions
None
Description
Published by the National Vulnerability Database
Apr 26, 2026
Published to the GitHub Advisory Database
Apr 27, 2026
Reviewed
May 5, 2026
Last updated
May 5, 2026
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. The attack may be initiated remotely. Patch name: 273fcedaee984c08197c0890f14190b86ab7e0b8. It is recommended to apply a patch to fix this issue.
References