HIGH 7.5

GHSA-q62f-h9x2-gcqc

Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Details

Spring AI's chat memory component contained a problematic default, the conversation ID DEFAULT_CONVERSATION_ID, which, when not explicitly overridden, could result in unintended data exposure between users.
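
One way to override the default explicitly is to derive the conversation ID from the authenticated user on every request. This is an added example, not code from the advisory or from the Spring AI project; the class name UserScopedChatService, the helper conversationIdFor and the sessionId parameter are hypothetical, and sessionId is assumed to be a server-issued value such as a UUID.

```java
import java.security.Principal;

import org.springframework.ai.chat.client.ChatClient;
import org.springframework.ai.chat.client.advisor.MessageChatMemoryAdvisor;
import org.springframework.ai.chat.memory.ChatMemory;

// Hypothetical application service (not part of Spring AI).
public class UserScopedChatService {

    private final ChatClient chatClient;

    public UserScopedChatService(ChatClient.Builder builder, ChatMemory chatMemory) {
        // The memory advisor is registered once for all requests; the
        // conversation ID is deliberately NOT fixed here, it is set per call.
        this.chatClient = builder
                .defaultAdvisors(MessageChatMemoryAdvisor.builder(chatMemory).build())
                .build();
    }

    public String chat(Principal user, String sessionId, String userText) {
        String conversationId = conversationIdFor(user, sessionId);
        return chatClient.prompt()
                .user(userText)
                // Explicit per-request ID, so the advisor never falls back
                // to ChatMemory.DEFAULT_CONVERSATION_ID.
                .advisors(a -> a.param(ChatMemory.CONVERSATION_ID, conversationId))
                .call()
                .content();
    }

    // Builds the memory key from server-side identity only. Fails closed:
    // without an authenticated user there is no memory, rather than a shared one.
    static String conversationIdFor(Principal user, String sessionId) {
        if (user == null || user.getName() == null || user.getName().isBlank()) {
            throw new IllegalStateException("No authenticated user; refusing to use chat memory");
        }
        if (sessionId == null || sessionId.isBlank()) {
            throw new IllegalArgumentException("Missing server-issued session ID");
        }
        // Assumption: sessionId is generated by the server (e.g. a UUID),
        // never taken from a client-controlled field.
        return user.getName() + ":" + sessionId;
    }
}
```

A quick audit for this issue is to search the code base for calls that attach a chat memory advisor but never set ChatMemory.CONVERSATION_ID on the request.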

Affected packages

Maven / org.springframework.ai:spring-ai-client-chat
Introduced in: 0; Fixed in: 1.0.7; Fix (pom.xml): bump to <version>1.0.7</version>
Introduced in: 1.1.0-M1; Fixed in: 1.1.6; Fix (pom.xml): bump to <version>1.1.6</version>
Introduced in: 2.0.0-M1; Fixed in: 2.0.0-M6; Fix (pom.xml): bump to <version>2.0.0-M6</version>

Maven / org.springframework.ai:spring-ai-model
Introduced in: 0; Fixed in: 1.0.7; Fix (pom.xml): bump to <version>1.0.7</version>
Introduced in: 1.1.0-M1; Fixed in: 1.1.6; Fix (pom.xml): bump to <version>1.1.6</version>
Introduced in: 2.0.0-M1; Fixed in: 2.0.0-M6; Fix (pom.xml): bump to <version>2.0.0-M6</version>

Maven / org.springframework.ai:spring-ai-advisors-vector-store
Introduced in: 0; Fixed in: 1.0.7; Fix (pom.xml): bump to <version>1.0.7</version>
Introduced in: 1.1.0-M1; Fixed in: 1.1.6; Fix (pom.xml): bump to <version>1.1.6</version>
Introduced in: 2.0.0-M1; Fixed in: 2.0.0-M6; Fix (pom.xml): bump to <version>2.0.0-M6</version>

References